#5210: lzo-2.07
-------------------------+-------------------------
Reporter: izivkov | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: normal | Milestone: 7.6
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-------------------------
{{{
Changes in 2.07 (25 Jun 2014)
* Fixed a potential integer overflow condition in the "safe"
decompressor
variants which could result in a possible buffer overrun when
processing maliciously crafted compressed input data.
As this issue only affects 32-bit systems and also can only happen if
you use uncommonly huge buffer sizes where you have to decompress more
than 16 MiB (2^24 bytes) compressed bytes within a single function
call,
the practical implications are limited.
POTENTIAL SECURITY ISSUE.
* Removed support for ancient configurations like 16-bit "huge" pointers
-
LZO now requires a flat 32-bit or 64-bit memory model.
* Assorted cleanups.
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/5210>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
