ALAS-2014-373


Amazon Linux 1 Security Advisory: ALAS-2014-373
Advisory Release Date: 2014-07-09 16:45 Pacific
Advisory Updated Date: 2014-09-19 10:36 Pacific
Severity: Medium

Issue Overview:

An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code. (CVE-2014-4607)


Affected Packages:

lzo


Issue Correction:
Run yum update lzo to update your system.

New Packages:
i686:
    lzo-minilzo-2.08-1.5.amzn1.i686
    lzo-2.08-1.5.amzn1.i686
    lzo-debuginfo-2.08-1.5.amzn1.i686
    lzo-devel-2.08-1.5.amzn1.i686

src:
    lzo-2.08-1.5.amzn1.src

x86_64:
    lzo-debuginfo-2.08-1.5.amzn1.x86_64
    lzo-devel-2.08-1.5.amzn1.x86_64
    lzo-minilzo-2.08-1.5.amzn1.x86_64
    lzo-2.08-1.5.amzn1.x86_64