[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)

Vladimir Serbinenko Fri, 27 Jun 2014 09:49:28 -0700

Follow-up Comment #1, bug #42635 (project grub):

May be a problem when using btrfs with lzo compression. But it's unlikely. If
attacker can write to files used by GRUB, you have a bigger problems.
In cases when signatures used (if disk replacement is a possible attack
scenario), the signatures are checked before the decompression, so not a
problem either.
Nevertheless, I'll correct the mistake, thank you for forwarding this.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?42635>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/


_______________________________________________
Bug-grub mailing list
Bug-grub@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-grub

[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)

Reply via email to