Уязвимость CVE-2014-4611: Информация

Описание

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Важность: MEDIUM (5,0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-4611

Опубликовано: 3 июля 2014 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-20

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
kernel-image-std-def	sisyphus	3.18.21-alt1	6.1.93-alt1	ALT-PU-2015-1794-1	149359	Исправлено
kernel-image-std-def	p10	3.18.21-alt1	5.10.218-alt1	ALT-PU-2015-1794-1	149359	Исправлено
kernel-image-std-def	p9	3.18.21-alt1	5.4.277-alt1	ALT-PU-2015-1794-1	149359	Исправлено
kernel-image-std-def	c9f2	3.18.21-alt1	5.10.214-alt0.c9f.2	ALT-PU-2015-1794-1	149359	Исправлено
kernel-image-std-def	c7	4.4.93-alt0.M70C.1	4.4.277-alt0.M70C.1	ALT-PU-2017-2509-1	191210	Исправлено
kernel-image-std-def	p11	3.18.21-alt1	6.1.91-alt1	ALT-PU-2015-1794-1	149359	Исправлено
kernel-image-un-def	sisyphus	3.15.2-alt1	6.6.33-alt1	ALT-PU-2014-1847-1	122470	Исправлено
kernel-image-un-def	p10	3.15.2-alt1	6.1.90-alt1	ALT-PU-2014-1847-1	122470	Исправлено
kernel-image-un-def	p9	3.15.2-alt1	5.10.218-alt1	ALT-PU-2014-1847-1	122470	Исправлено
kernel-image-un-def	c10f1	3.15.2-alt1	6.1.85-alt0.c10f.1	ALT-PU-2014-1847-1	122470	Исправлено
kernel-image-un-def	c9f2	3.15.2-alt1	5.10.29-alt2	ALT-PU-2014-1847-1	122470	Исправлено
kernel-image-un-def	c7	3.15.2-alt1	4.9.277-alt0.M70C.1	ALT-PU-2014-1849-1	122501	Исправлено
kernel-image-un-def	p11	3.15.2-alt1	6.6.31-alt1	ALT-PU-2014-1847-1	122470	Исправлено
usbip	sisyphus	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Исправлено
usbip	sisyphus_e2k	5.10-alt1	5.10-alt1	ALT-PU-2023-7452-1	-	Исправлено
usbip	p10	5.10-alt1	5.10-alt1	ALT-PU-2023-1903-1	320461	Исправлено
usbip	p10_e2k	5.10-alt1	5.10-alt1	ALT-PU-2023-7498-1	-	Исправлено
usbip	p11	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Исправлено
xen	p10	4.4.1-alt1	4.14.1-alt2	ALT-PU-2014-2061-1	128919	Исправлено
xen	p9	4.4.1-alt1	4.10.3-alt1	ALT-PU-2014-2061-1	128919	Исправлено
xen	c10f1	4.4.1-alt1	4.14.1-alt2	ALT-PU-2014-2061-1	128919	Исправлено
xen	c9f2	4.4.1-alt1	4.10.3-alt1	ALT-PU-2014-2061-1	128919	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html	Third Party Advisory
[oss-security] 20140626 LMS-2014-06-16-5: Linux Kernel LZ4	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1112436	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36	Third Party Advisory
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html	Third Party Advisory
https://code.google.com/p/lz4/source/detail?r=118	Third Party Advisory
https://code.google.com/p/lz4/issues/detail?id=52	Third Party Advisory
https://www.securitymouse.com/lms-2014-06-16-5	Broken Link
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2	Vendor Advisory
https://www.securitymouse.com/lms-2014-06-16-6	Broken Link
http://twitter.com/djrbliss/statuses/484931749013495809	Third Party Advisory
http://twitter.com/djrbliss/statuses/485042901399789568	Third Party Advisory
1030491	Third Party Advisory VDB Entry
59770	Third Party Advisory
60238	Third Party Advisory
59567	Third Party Advisory
openSUSE-SU-2014:0924	Mailing List Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206204a1162b995e2185275167b22468c00d6b36
[hadoop-common-issues] 20210916 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-dev] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210920 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210921 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210921 [jira] [Comment Edited] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-commits] 20210924 [hadoop] branch branch-3.2.3 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
[hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
[hadoop-common-commits] 20210924 [hadoop] branch branch-3.2 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
[hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
[hadoop-common-issues] 20210928 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  End excliding
  3.15.2

Версия: v24.5.3

Наверх

Уязвимость CVE-2014-4611: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1