Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30947
HistoryJul 22, 2014 - 12:00 a.m.

[ MDVSA-2014:134 ] liblzo

2014-07-2200:00:00
vulners.com
21
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:134
http://www.mandriva.com/en/support/security/

Package : liblzo
Date : July 10, 2014
Affected: Business Server 1.0

Problem Description:

Updated liblzo packages fix security vulnerability:

An integer overflow in liblzo before 2.07 allows attackers to
cause a denial of service or possibly code execution in applications
performing LZO decompression on a compressed payload from the attacker
(CVE-2014-4607).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607
http://advisories.mageia.org/MGASA-2014-0290.html

Updated Packages:

Mandriva Business Server 1/X86_64:
676e82c5705e8cdfac0d1f6882acd47e mbs1/x86_64/lib64lzo2_2-2.08-1.mbs1.x86_64.rpm
f48366ad7bfcda9dbb90c089893d46c7 mbs1/x86_64/lib64lzo-devel-2.08-1.mbs1.x86_64.rpm
ed9f749c9fd0b4210335f7bf4fc46398 mbs1/SRPMS/liblzo-2.08-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTvlT3mqjQ0CJFipgRAlNJAKCKM8HJdBgP8uurW7pnua+X8czjyACeNkL3
Ws0sJjckWUKV3tpPUudcOAo=
=PSE5
-----END PGP SIGNATURE-----

Related

veracode 1
nessus 43
openvas 31
osv 1
mageia 14
suse 2
centos 1
fedora 15
redhat 2
debiancve 1
debian 5
securityvulns 1
prion 1
ibm 4
f5 2
cve 1
freebsd 1
oraclelinux 1
gentoo 2
ubuntucve 1
amazon 1
ubuntu 1
thn 1
veracode
veracode
Remote Code Execution (RCE)
2020-12-11 09:20:29
nessus
nessus
Amazon Linux AMI : lzo (ALAS-2014-373)
2014-10-12 00:00:00
EulerOS 2.0 SP2 : grub2 (EulerOS-SA-2019-1735)
2019-07-22 00:00:00
EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2019-2011)
2019-09-24 00:00:00
openvas
openvas
Fedora Update for krfb FEDORA-2014-9183
2014-08-16 00:00:00
Huawei EulerOS: Security Advisory for dump (EulerOS-SA-2019-2139)
2020-01-23 00:00:00
SUSE: Security Advisory for lzo (SUSE-SU-2014:0904-1)
2015-10-13 00:00:00
osv
osv
lzo2 - security update
2014-08-03 00:00:00
mageia
mageia
Updated harbour package fixes security vulnerability
2014-08-27 03:04:56
Updated liblzo packages fix CVE-2014-4607
2014-07-09 02:50:36
Updated distcc packages fix CVE-2014-4607
2014-09-01 14:44:17
suse
suse
Security update for lzo (important)
2014-07-16 19:04:17
Security update for lzo (important)
2014-07-31 19:04:17
centos
centos
lzo security update
2014-07-09 12:38:49
fedora
fedora
[SECURITY] Fedora 20 Update: dump-0.4-0.24.b44.fc20
2015-02-25 13:29:59
[SECURITY] Fedora 20 Update: lzo-2.08-1.fc20
2014-07-03 04:02:18
[SECURITY] Fedora 20 Update: grub2-2.00-27.fc20
2014-12-12 04:31:11
redhat
redhat
(RHSA-2014:0861) Moderate: lzo security update
2014-07-09 00:00:00
(RHSA-2014:0979) Moderate: rhev-hypervisor6 security and bug fix update
2014-07-29 00:00:00
debiancve
debiancve
CVE-2014-4607
2020-02-12 14:15:00
debian
debian
[DLA 35-1] lzo2 security update
2014-08-11 16:38:42
[SECURITY] [DSA 2995-1] lzo2 security update
2014-08-03 07:37:56
[SECURITY] [DSA 2995-1] lzo2 security update
2014-08-03 07:37:56
securityvulns
securityvulns
liblzo integer overflow
2014-07-22 00:00:00
prion
prion
Integer overflow
2020-02-12 14:15:00
ibm
ibm
Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607)
2018-06-15 07:06:27
Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 )
2018-06-16 21:46:13
Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.
2021-12-15 07:41:22
f5
f5
SOL95698826 - LZO vulnerability CVE-2014-4607
2016-02-03 00:00:00
K95698826 : LZO vulnerability CVE-2014-4607
2016-02-04 00:00:00
cve
cve
CVE-2014-4607
2020-02-12 14:15:00
freebsd
freebsd
krfb -- Possible Denial of Service or code execution via integer overflow
2014-08-03 00:00:00
oraclelinux
oraclelinux
lzo security update
2014-07-09 00:00:00
gentoo
gentoo
LZO: Multiple vulnerabilities
2017-01-02 00:00:00
BusyBox: Multiple vulnerabilities
2015-03-29 00:00:00
ubuntucve
ubuntucve
CVE-2014-4607
2014-07-09 00:00:00
amazon
amazon
Medium: lzo
2014-07-09 16:45:00
ubuntu
ubuntu
LZO vulnerability
2014-07-24 00:00:00
thn
thn
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
2014-06-27 05:43:00
JSON
Related for SECURITYVULNS:DOC:30947
veracode1nessus43openvas31osv1mageia14suse2centos1fedora15redhat2debiancve1debian5securityvulns1prion1ibm4f52cve1freebsd1oraclelinux1gentoo2ubuntucve1amazon1ubuntu1thn1