Updated icecream package fixes security vulnerability

🗓️ 26 Aug 2014 23:04:56Reported by Gentoo FoundationType

Updated icecream package fixes security vulnerability. Integer overflow in liblzo before 2.07 allows attackers to cause denial of service or code execution in applications using LZO decompression on a compressed payload (CVE-2014-4607). Icecream package built with bundled copy of minilzo, containing vulnerable code

Reporter	Title	Published	Views	Family All 186
IBM Security Bulletins	Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.	15 Dec 202107:41	–	ibm
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607)	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 )	16 Jun 201821:46	–	ibm
Amazon	Medium: lzo	9 Jul 201400:00	–	amazon
Tenable Nessus	Amazon Linux AMI : lzo (ALAS-2014-373)	12 Oct 201400:00	–	nessus
Tenable Nessus	CentOS 6 / 7 : lzo (CESA-2014:0861)	10 Jul 201400:00	–	nessus
Tenable Nessus	Debian DLA-2559-1 : busybox security update	16 Feb 202100:00	–	nessus
Tenable Nessus	Debian DLA-35-1 : lzo2 security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Debian DSA-2995-1 : lzo2 - security update	4 Aug 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	3	any	icecream	0.9.7-4.1	icecream-0.9.7-4.1.noarch.rpm
Mageia	4	any	icecream	1.0.0-3.1	icecream-1.0.0-3.1.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
advisories	www.advisories.mageia.org/MGASA-2014-0290.html

26 Aug 2014 23:04Current

9.3High risk

Vulners AI Score9.3

CVSS 26.8

CVSS 3.18.8

EPSS0.11033