Package name
liblzo
Date
2014-07-10
Advisory ID
MDVSA-2014:134
Affected versions
MBS1 x86_64

Problem description

Updated liblzo packages fix security vulnerability:

An integer overflow in liblzo before 2.07 allows attackers to
cause a denial of service or possibly code execution in applications
performing LZO decompression on a compressed payload from the attacker
(CVE-2014-4607).

Updated packages

MBS1 x86_64

 676e82c5705e8cdfac0d1f6882acd47e  mbs1/x86_64/lib64lzo2_2-2.08-1.mbs1.x86_64.rpm
 f48366ad7bfcda9dbb90c089893d46c7  mbs1/x86_64/lib64lzo-devel-2.08-1.mbs1.x86_64.rpm 
 ed9f749c9fd0b4210335f7bf4fc46398  mbs1/SRPMS/liblzo-2.08-1.mbs1.src.rpm

References