oss-sec mailing list archives
Re: LMS-2014-06-16-6: LZ4 Core
From: P J P <ppandit () redhat com>
Date: Thu, 3 Jul 2014 00:00:08 +0530 (IST)

For the record,

  -> http://blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html

Summary: effectively, this post proves that

 - Exploits can be written against current implementations of LZ4
 - Block sizes less than 8MB (and even less than 4MB) can be malicious
 - Certain platforms are more affected than others (primarily RISC: ARM)
 - Protecting against the 16MB and greater flaw was not sufficient

--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F