oss-sec mailing list archives
Re: LMS-2014-06-16-1: Oberhumer LZO
From: "H. Peter Anvin" <hpa () zytor com>
Date: Fri, 27 Jun 2014 14:46:16 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/26/2014 02:21 PM, Yves-Alexis Perez wrote:
- syslinux [5] seems to embeds lzo but I'm unsure if the vulnerable code is really present, I can't find lzo1x_decompress_safe() code
For the record, I just upgraded Syslinux to LZO 2.07. The only code that ends up in the Syslinux build at all changed only in comments and in #if'd out code. The only use of LZO is in the Syslinux core, which uses the assembly LZO implementation, which seems to have been unaffected. Syslinux does not use LZO on arbitrary data. -hpa -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTreYYAAoJEL2gYIVJO6zkF90P/RTyWaLtMMe24o1MfjgHOKsT bIypKYFGN3y0eU0I0ciMOiyuhLSLN7en/y8M558RjoKStriJ6yfQLiMJF4cxGBPJ J9GYoX9xT6/luBqefssCPB4uFeD+h/qYOlHxykq81I+c0bWsaunkHBAEmXlSihXe /Fu2dzDEm2bP7kYKx//t4tS2blU9papnFxMsQfc2NZV/U3xenhbHigOaibl5M4lv 6zpH/J6qT5kB5PdAWJBr9OqU6DrcSdUXYIC5YObUHtdoCiUeTjVJinQPoeghvhlY VCj3Q/t7/w2E7r5aQ8IHBan58vIK173F6+cOwdLQtfkQZT1Fqm71sXOx81dT/LcQ FYiofMtCyMar4d0JWKVlXzHy7U5sZ9/WmFJX6l2nyd56TQsCBBFJjml5n9O/KNqb AEJgsqIaTUTjzobECuQdfS8B/8PwUDcVq1uga3r8HawXeWa4NnBP0nFgLY+gD0b+ HD32+A80vc6YurQMvBVBlPwbFfbhcRsNLksKJdnOcE+hE9CgwsWsvSpS4B7NWsq4 QOSOgPkzjpztHJKV5TLuN9x02Cn1uRMFDL1Dv/v0ql5qlLDF6YrrLb7rQPoveDSx 8nvslwm3aHk1z2YOG9A2YQnI6qV4RCNkh3Y1wPz5jiqq5sadRKxg03xJQASFPHVM 6tSmhFkxfgIE7MFttcxV =AiFW -----END PGP SIGNATURE-----
Current thread:
- LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO H. Peter Anvin (Jun 27)
- Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez (Jun 28)
- Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer (Jun 26)