kernel-packages team mailing list archive

[John Johansen <john.johansen@xxxxxxxxxxxxx>]

** Description changed:

- All versions of the LZ4 software:https://code.google.com/p/lz4 Functions
- Affected:      lz4.c:LZ4_decompress_generic Criticality Reasoning
- --------------------- Due to the design of the algorithm, an attacker
- can specify any desired offset to a write pointer. The attacker can
- instrument the write in such a way as to only write four bytes at a
- specified offset. Subsequent code will allow the attacker to escape from
- the decompression algorithm without further memory corruption. This may
- allow the attacker to overwrite critical structures in memory that
- affect flow of execution. White DoS and OOW are obvious side effects of
- this flaw, RCE with respect to this flaw is untested. Vulnerability
- Description ------------------------- An integer overflow can occur when
- processing any variant of a "literal run" in the affected function.
+ Integer overflow in the LZ4 algorithm implementation, as used in Yann
+ Collet LZ4 before r118 and in the lz4_uncompress function in
+ lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit
+ platforms might allow context-dependent attackers to cause a denial of
+ service (memory corruption) or possibly have unspecified other impact
+ via a crafted Literal Run that would be improperly handled by programs
+ not complying with an API limitation, a different vulnerability than
+ CVE-2014-4715.
  
  Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9
  206204a1162b995e2185275167b22468c00d6b36

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1335314

Title:
  CVE-2014-4611

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Invalid
Status in “linux-armadaxp” source package in Precise:
  Invalid
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  Invalid
Status in “linux-lts-raring” source package in Precise:
  Invalid
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Invalid
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  New
Status in “linux-lts-backport-natty” source package in Saucy:
  New
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Invalid
Status in “linux” source package in Trusty:
  Fix Committed
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Committed
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  Integer overflow in the LZ4 algorithm implementation, as used in Yann
  Collet LZ4 before r118 and in the lz4_uncompress function in
  lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit
  platforms might allow context-dependent attackers to cause a denial of
  service (memory corruption) or possibly have unspecified other impact
  via a crafted Literal Run that would be improperly handled by programs
  not complying with an API limitation, a different vulnerability than
  CVE-2014-4715.

  Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9
  206204a1162b995e2185275167b22468c00d6b36

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335314/+subscriptions