Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

openSUSE Leap 15.2: 2020:2337-1 Moderate: Blosc Compression Flaw

opensuse
Calendar Grey December 26, 2020
Dist Opensuse Esm H88
The Fedora toolchain enhancement tackles vulnerabilities while boosting efficiency and speeding up compilation processes for increased security.
An update that solves one vulnerability and has one errata is now available.

Description

This update for blosc fixes the following issues:

Update to version 1.20.1 boo#1179914 CVE-2020-29367:

* More saftey checks have been implemented so that potential flaws

discovered by new fuzzers in OSS-Fuzzer are fixed now

* BloscLZ updated to 2.3.0. Expect better compression ratios for faster

codecs. For details, see our new blog post:

https://blosc.org/posts/beast-release/

* Fixed the _xgetbv() collision. Thanks to Micha?? G??rny (@mgorny).

Update to version 1.19.0:

* The length of automatic blocksizes for fast codecs (lz4, blosclz) has

been incremented quite a bit (up to 256 KB) for better compression

ratios.

* The performance in modern CPUs (with at least 256 KB in L2 cache) should

be better too (for older CPUs the performance should stay roughly the

same).

* For small buffers that cannot be compressed (typically < 128 bytes),

blosc_compress() returns now a 0 (cannot compress) instead of a negative

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory update vulnerability moderate threat openSUSE patch instructions blosc compression flaw

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2337=1

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2337=1

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-2337=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-2337=1

Package List

- openSUSE Leap 15.2 (x86_64):

blosc-debugsource-1.20.1-lp152.4.3.1

blosc-devel-1.20.1-lp152.4.3.1

libblosc1-1.20.1-lp152.4.3.1

libblosc1-debuginfo-1.20.1-lp152.4.3.1

- openSUSE Leap 15.1 (x86_64):

blosc-debugsource-1.20.1-lp151.3.3.1

blosc-devel-1.20.1-lp151.3.3.1

libblosc1-1.20.1-lp151.3.3.1

libblosc1-debuginfo-1.20.1-lp151.3.3.1

- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

blosc-debugsource-1.20.1-bp152.4.3.1

blosc-devel-1.20.1-bp152.4.3.1

libblosc1-1.20.1-bp152.4.3.1

libblosc1-debuginfo-1.20.1-bp152.4.3.1

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

blosc-devel-1.20.1-bp151.4.3.1

libblosc1-1.20.1-bp151.4.3.1

References

https://www.suse.com/security/cve/CVE-2020-29367.html

https://bugzilla.suse.com/1174075

https://bugzilla.suse.com/1179914

--===============3298343772566681392=

Announcement ID: openSUSE-SU-2020:2337-1
Rating: moderate
Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 le.

Topics%20covered

Topics Covered

security advisory update vulnerability moderate threat openSUSE patch instructions blosc compression flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here