Oracle Linux Security Advisory ELSA-2025-11035
http://linux.oracle.com/errata/ELSA-2025-11035.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
lz4-1.8.3-5.el8_10.x86_64.rpm
lz4-devel-1.8.3-5.el8_10.i686.rpm
lz4-devel-1.8.3-5.el8_10.x86_64.rpm
lz4-libs-1.8.3-5.el8_10.i686.rpm
lz4-libs-1.8.3-5.el8_10.x86_64.rpm

aarch64:
lz4-1.8.3-5.el8_10.aarch64.rpm
lz4-devel-1.8.3-5.el8_10.aarch64.rpm
lz4-libs-1.8.3-5.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/lz4-1.8.3-5.el8_10.src.rpm

Related CVEs:
CVE-2019-17543

Description of changes:

[1.8.3-5]
- Fix a renamed variable in one of the patches
- Since the variable was used in an assert, the regular build did not fail, but the QA builds did.
- Related: RHEL-87362

[1.8.3-4]
- Fix CVE-2019-17543
- Resolves: RHEL-87362

_______________________________________________
El-errata mailing list
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202406-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: LZ4: Memory Corruption
Date: June 22, 2024
Bugs: #791952
ID: 202406-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
A vulnerability has been discovered in LZ4, which can lead to memory corruption.

Background
==========
LZ4 is a lossless compression algorithm, providing compression speed > 500 MB/s per core, scalable with multi-core CPUs. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems.

Affected packages
=================
Package       Vulnerable    Unaffected
------------  ------------  ------------
app-arch/lz4  < 1.9.3-r1    >= 1.9.3-r1

Description
===========
An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash.

Impact
======
The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All LZ4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/lz4-1.9.3-r1"

References
==========
[ 1 ] CVE-2021-3520
https://nvd.nist.gov/vuln/detail/CVE-2021-3520

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202406-04

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Rocky Linux Security Advisory RLSA-2021:2575
Moderate: lz4 security update

Type: Security
Severity: Moderate
Published: 2021-07-22T03:13:55.339818Z
Affected Products: Rocky Linux 8

Topic:
An update for lz4 is now available for Rocky Linux 8.
Rocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:
- Bug 1954559

CVEs:
- CVE-2021-3520 (Red Hat: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3520.json)

RPMs:
lz4-1.8.3-3.el8_4.aarch64.rpm
lz4-1.8.3-3.el8_4.src.rpm
lz4-1.8.3-3.el8_4.x86_64.rpm
lz4-debuginfo-1.8.3-3.el8_4.aarch64.rpm
lz4-debuginfo-1.8.3-3.el8_4.i686.rpm
lz4-debuginfo-1.8.3-3.el8_4.x86_64.rpm
lz4-debugsource-1.8.3-3.el8_4.aarch64.rpm
lz4-debugsource-1.8.3-3.el8_4.i686.rpm
lz4-debugsource-1.8.3-3.el8_4.x86_64.rpm
lz4-devel-1.8.3-3.el8_4.aarch64.rpm
lz4-devel-1.8.3-3.el8_4.i686.rpm
lz4-devel-1.8.3-3.el8_4.x86_64.rpm
lz4-libs-1.8.3-3.el8_4.aarch64.rpm
lz4-libs-1.8.3-3.el8_4.i686.rpm
lz4-libs-1.8.3-3.el8_4.x86_64.rpm
lz4-libs-debuginfo-1.8.3-3.el8_4.aarch64.rpm
lz4-libs-debuginfo-1.8.3-3.el8_4.i686.rpm
lz4-libs-debuginfo-1.8.3-3.el8_4.x86_64.rpm
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-37aef44d1e
2022-07-30 01:52:05.591856
--------------------------------------------------------------------------------
Name        : golang-github-pierrec-lz4
Product     : Fedora 36
Version     : 4.1.3
Release     : 6.fc36
URL         : https://github.com/pierrec/lz4
Summary     : LZ4 compression and decompression in pure Go
Description :
Package lz4 implements reading and writing lz4 compressed data (a frame), as specified in http://fastcompression.blogspot.com/2013/04/lz4-streaming-format-final.html. This package is compatible with the LZ4 frame format. Although the block-level compression and decompression functions are exposed and are fully compatible with the LZ4 block format definition, they are low level and should not be used directly.
--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.
---
- enable s390x build (rhbz#1971028)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 4.1.3-6
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
MGASA-2021-0229 - Updated lz4 packages fix a security vulnerability

Publication date: 08 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0229.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-3520

An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well (CVE-2021-3520).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28990
- https://lists.debian.org/debian-security-announce/2021/msg00100.html
- https://ubuntu.com/security/notices/USN-4968-1
- https://www.cve.org/CVERecord?id=CVE-2021-3520

SRPMS:
- 8/core/lz4-1.9.3-1.1.mga8
- 7/core/lz4-1.9.2-1.1.mga7
SUSE Security Update: Security update for lz4
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1825-1
Rating:             important
References:         #1185438
Cross-References:   CVE-2021-3520
Affected Products:  SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1825=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  liblz4-1-1.9.2-3.3.1
  liblz4-1-debuginfo-1.9.2-3.3.1
  liblz4-devel-1.9.2-3.3.1
  lz4-1.9.2-3.3.1
  lz4-debuginfo-1.9.2-3.3.1
  lz4-debugsource-1.9.2-3.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
  liblz4-1-32bit-1.9.2-3.3.1
  liblz4-1-32bit-debuginfo-1.9.2-3.3.1

References:

https://www.suse.com/security/cve/CVE-2021-3520.html
https://bugzilla.suse.com/1185438
=========================================================================
Ubuntu Security Notice USN-4968-2
May 31, 2021

lz4 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

LZ4 could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- lz4: Extremely fast compression algorithm

Details:

USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially-crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  liblz4-1    0.0~r131-2ubuntu2+esm1

Ubuntu 14.04 ESM:
  liblz4-1    0.0~r114-2ubuntu1+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4968-2
  https://ubuntu.com/security/notices/USN-4968-1
  CVE-2021-3520
=========================================================================
Ubuntu Security Notice USN-4968-1
May 26, 2021

lz4 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

LZ4 could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- lz4: Extremely fast compression algorithm

Details:

It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially-crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04:
  liblz4-1    1.9.3-1ubuntu0.1

Ubuntu 20.10:
  liblz4-1    1.9.2-2ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  liblz4-1    1.9.2-2ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  liblz4-1    0.0~r131-2ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4968-1
  CVE-2021-3520

Package Information:
  https://launchpad.net/ubuntu/+source/lz4/1.9.3-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/lz4/1.9.2-2ubuntu0.20.10.1
  https://launchpad.net/ubuntu/+source/lz4/1.9.2-2ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/lz4/0.0~r131-2ubuntu3.1