Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 16.04 ESM: USN-5720-1 Moderate: Libzstd Info Disclosure Threat

ubuntu
Calendar Grey November 9, 2022
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-5720-2 concerns flaws in libzstd that could allow for the potential leakage of confidential information via localized exploits.
Zstandard could be made to expose sensitive information

Summary

Zstandard could be made to expose sensitive information

Software Description:

- libzstd: fast lossless compression algorithm

Details:

It was discovered that Zstandard was not properly managing file

permissions when generating output files. A local attacker could

possibly use this issue to cause a race condition and gain

unauthorized access to sensitive data.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libzstd1 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3
   zstd 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5720-1

  CVE-2021-24031, CVE-2021-24032

November 09, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.