LZO security bug might affect Busybox

Natanael Copa ncopa at alpinelinux.org
Wed Jul 2 07:39:53 UTC 2014


On Mon, 30 Jun 2014 10:17:26 +0200
Denys Vlasenko <vda.linux at googlemail.com> wrote:

> On Saturday 28 June 2014 15:33, Isaac Dunham wrote:
> > There's an integer overflow in LZO (LMS-2014-06-16-1):
> > http://www.openwall.com/lists/oss-security/2014/06/26/20
> > 
> > I suspect that this affects Busybox; the code would be in
> > archival/libarchive/lzo1x_d.c
> > But I wouldn't be able to verify that or to fix it.
> 
> Thanks for the report.
> 
> Fixed in git just now.

I think this also should be added to

http://busybox.net/downloads/fixes-1.22.1/

Thanks!

-nc

