[Lucid][CVE-2014-4608][PATCH 0/2] lzo: check for length overrun in variable length encoding.

Luis Henriques luis.henriques at canonical.com
Mon Oct 20 16:12:57 UTC 2014


The fix for this CVE has been reverted upstream and a new fix is
available in 3.18-rc1.  Following this email, I am sending the revert
and the new fix for Lucid.

Willy Tarreau (2):
  Revert "lzo: properly check for overruns"
  lzo: check for length overrun in variable length encoding.

 lib/lzo/lzo1x_decompress_safe.c | 103 ++++++++++++++++++++++------------------
 1 file changed, 57 insertions(+), 46 deletions(-)

-- 
2.1.0




More information about the kernel-team mailing list