[ALSA-2021:2575] Moderate: lz4 security update
Type:
security
Severity:
moderate
Release date:
2021-06-29
Description:
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems. Security Fix(es): * lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages:
  • lz4-1.8.3-3.el8_4.x86_64.rpm
  • lz4-devel-1.8.3-3.el8_4.i686.rpm
  • lz4-devel-1.8.3-3.el8_4.x86_64.rpm
  • lz4-libs-1.8.3-3.el8_4.i686.rpm
  • lz4-libs-1.8.3-3.el8_4.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.