Mageia 2021-0322: zstd security update
Summary
In the Zstandard command-line utility prior to v1.4.1, output files were
created with default permissions. Correct file permissions (matching the input)
would only be set at completion time. Output files could therefore be readable
or writable to unintended parties (CVE-2021-24031).
References
- https://bugs.mageia.org/show_bug.cgi?id=28444
- https://ubuntu.com/security/notices/USN-4760-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24031
Resolution
MGASA-2021-0322 - Updated zstd packages fix a security vulnerability
SRPMS
- 7/core/zstd-1.4.0-1.1.mga7