Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 18.04 LTS USN-4108-1 Critical: Libzstd Arbitrary Code Execution

ubuntu
Calendar Grey August 21, 2019
Dist Ubuntu Esm H88
A significant alert regarding a vulnerability in Ubuntu's libzstd, which could enable remote attackers to execute arbitrary code via intricately constructed inputs.
Zstandard could be made to execute arbitrary code if it received specially crafted input.

Summary

Zstandard could be made to execute arbitrary code if it received

specially crafted input.

Software Description:

- libzstd: fast lossless compression algorithm -- development files

Details:

It was discovered that Zstandard incorrectly handled certain inputs.

An attacker could possibly use this issue to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libzstd1                        1.3.3+dfsg-2ubuntu1.1
  zstd                            1.3.3+dfsg-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4108-1

CVE-2019-11922

Severity
critical
Lowest
Low
Medium
High
Critical

August 21, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.