lz4-1.8.3-3.el8

エラータID: AXSA:2021-2184:01

Release date: 
Monday, July 12, 2021 - 06:19
Subject: 
lz4-1.8.3-3.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems.

Security Fix(es):

* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Solution: 

Update packages.

CVEs: 
CVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Additional Info: 

N/A

Download: 

SRPMS
  1. lz4-1.8.3-3.el8.src.rpm
    MD5: 14cbf11be9f349f786e266e1a6644e37
    SHA-256: 1fd20597c30f567c5f8c501df9e7e9edecb5c55cdccd5887eee1e4cd4e4394b1
    Size: 334.80 kB

Asianux Server 8 for x86_64
  1. lz4-1.8.3-3.el8.x86_64.rpm
    MD5: 959da5b2d0ff4407096791d6d083f1b5
    SHA-256: 45e893b27dfd68d8c40adfaf91fc7216f3ed5fcc4c14b7fafa506a93fe9c6b75
    Size: 102.45 kB
  2. lz4-devel-1.8.3-3.el8.x86_64.rpm
    MD5: e2433a2c13b300f89c853512199b5ae7
    SHA-256: 33291ae3d3c685f54f91346f6a17dfaafe8c543c19b0306e57d88dee61390788
    Size: 30.41 kB
  3. lz4-libs-1.8.3-3.el8.x86_64.rpm
    MD5: eb79ebfeac536c72f4cc636dc1148862
    SHA-256: 7aa10d0cfdafd8f2102611e1a73086fdb0e3288eac8f6b18ca9a3447a399604b
    Size: 64.72 kB
  4. lz4-devel-1.8.3-3.el8.i686.rpm
    MD5: d678f2515e5c495ceacd38dbd0fb1349
    SHA-256: 4ff2495838ff0e41c9821b4cd3274ee43e0ac6598ea16723e0bcc36b1c460965
    Size: 30.43 kB
  5. lz4-libs-1.8.3-3.el8.i686.rpm
    MD5: e47bdf27102f2e0fd11ef96b58c36a23
    SHA-256: 75ddd4eebf9ae23ea6dc50eaae47bef8deccbf7c644b331f9becd92a357d16c1
    Size: 65.77 kB