Fedora 20 : icecream-1.0.1-8.20140822git.fc20 (2014-10468)

This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. CVE-2014-4607 Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...

Updated dump package fix CVE-2014-4607

Updated dump packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The dump package is buil...

Updated blender package fixes CVE-2014-4607

Updated blender package fixes security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The blender package ...

Updated x11vnc packages fix security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...

Updated kdenetwork4 packages fixes security vulnerability in krfb

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...

Updated icecream package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The icecream package is built with a bundled copy of minilzo, which is a...

Updated grub2 package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The grub2 package is built with a bundled copy of minilzo, which is a part...

Updated italc package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The italc package is built with a bundled copy of minilzo, which is a part...

Updated mednafen packages fix CVE-2014-4607

The bundled version of minilzo.c in the mednafen package has been updated to version 2.08 to fix the following security vulnerability: An integer overflow in minilzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO...

Fedora 19 : krfb-4.11.5-3.fc19 (2014-9151)

Avoid possible denial of service or code execution via integer overflow by using patched system minilzo instead of vulnerable bundled copy. See also: http://www.kde.org/info/security/advisory-20140803-1.txt Note that Tenable Network Security has extracted the preceding description block directly...

CVE-2014-4607

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run...