Mageia 2021-0322: zstd security update | LinuxSecurity.com

Advisories

MGASA-2021-0322 - Updated zstd packages fix a security vulnerability

Publication date: 09 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0322.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-24031

In the Zstandard command-line utility prior to v1.4.1, output files were
created with default permissions. Correct file permissions (matching the input)
would only be set at completion time. Output files could therefore be readable
or writable to unintended parties (CVE-2021-24031).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28444
- https://ubuntu.com/security/notices/USN-4760-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24031

SRPMS:
- 7/core/zstd-1.4.0-1.1.mga7

Mageia 2021-0322: zstd security update

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions

Summary

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties (CVE-2021-24031).

References

- https://bugs.mageia.org/show_bug.cgi?id=28444

- https://ubuntu.com/security/notices/USN-4760-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24031

Resolution

MGASA-2021-0322 - Updated zstd packages fix a security vulnerability

SRPMS

- 7/core/zstd-1.4.0-1.1.mga7

Severity
Publication date: 09 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0322.html
Type: security
CVE: CVE-2021-24031

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.