[SECURITY] Fedora 20 Update: lzo-2.08-1.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Thu Jul 3 04:02:18 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-7926
2014-06-30 22:19:55
--------------------------------------------------------------------------------
Name : lzo
Product : Fedora 20
Version : 2.08
Release : 1.fc20
URL : http://www.oberhumer.com/opensource/lzo/
Summary : Data compression library with very fast (de)compression
Description :
LZO is a portable lossless data compression library written in ANSI C.
It offers pretty fast compression and very fast decompression.
Decompression requires no memory. In addition there are slower
compression levels achieving a quite competitive compression ratio
while still decompressing at this very high speed.
--------------------------------------------------------------------------------
Update Information:
New upstream
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 30 2014 Huzaifa Sidhpurwala <huzaifas at redhat.com> - 2.08-1
- New upstream
- Fix CVE-2014-4607
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1114304 - lzo-2.08 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1114304
[ 2 ] Bug #1114230 - update lzo to 2.07
https://bugzilla.redhat.com/show_bug.cgi?id=1114230
[ 3 ] Bug #1113874 - CVE-2014-4607 LZO: lzo1x_decompress_safe() integer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1113874
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update lzo' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list