Linux Kernel "lz4_uncompress ()" Integer Overflow Vulnerability
Release date:
Updated on:
Affected Systems:
Linux kernel 3.15.1
Linux kernel 3.14.8
Linux kernel 3.12.23
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-4611
Linux Kernel is the Kernel of the Linux operating system.
In Linux Kernel 3.12.23, 3.14.8, 3.15.1, the integer overflow vulnerability exists in the "lz4_uncompress ()" function (lib/lz4/lz4_decompress.c), which allows local users to exploit this vulnerability to cause memory corruption, this results in DOS and permission escalation.
<* Source: Don A. Bailey
Link: http://secunia.com/advisories/59567/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
Https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9
Https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.24
How to install Linux 3.11 Kernel on Ubuntu
The Ubuntu 13.10 (Saucy Salamander) Kernel has been upgraded to Linux Kernel 3.10 RC5
Linux Kernel 3.4.62 LTS is now available for download
How to install Linux kernel 13.10 On Ubuntu 3.12
Linux Kernel: click here
Linux Kernel: click here
This article permanently updates the link address: