[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)

From: Vladimir Serbinenko
Subject: [bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Date: Fri, 27 Jun 2014 16:48:35 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Follow-up Comment #1, bug #42635 (project grub):

May be a problem when using btrfs with lzo compression. But it's unlikely. If
attacker can write to files used by GRUB, you have a bigger problems.
In cases when signatures used (if disk replacement is a possible attack
scenario), the signatures are checked before the decompression, so not a
problem either.
Nevertheless, I'll correct the mistake, thank you for forwarding this.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]