URL:
  <http://savannah.gnu.org/bugs/?42635>

                 Summary: minilzo: Embedded LZO vulnerability (CVE-2014-4607)
                 Project: GNU GRUB
            Submitted by: kristianf
            Submitted on: Fri 27 Jun 2014 04:06:24 PM GMT
                Category: Security
                Severity: Major
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: Git master
         Reproducibility: None
         Planned Release: None

    _______________________________________________________

Details:

Hi, 

A security issue was raised[0] regarding the implementation of LZO, which is
fixed in Oberhumer's LZO version 2.07 and allocated CVE-2014-4607. Further, it is
suggested that grub might be affected by this vulnerability by embedding a
version of the affected code (minilzo)[1]. It would be appreciated to get a
comment on the applicability and a possible fix for this issue.

References: 
[0] http://seclists.org/oss-sec/2014/q2/665
[1] http://seclists.org/oss-sec/2014/q2/676





_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/


_______________________________________________
Bug-grub mailing list
Bug-grub@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-grub
