UbuntuUpdates.org

Package "libzstd"

Name: libzstd

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • fast lossless compression algorithm -- CLI tool
Latest version: 1.3.3+dfsg-2ubuntu1.2
Release: bionic (18.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libzstd" in Bionic

Repository Area Version
base main 1.3.3+dfsg-2ubuntu1
base universe 1.3.3+dfsg-2ubuntu1
security main 1.3.3+dfsg-2ubuntu1.2
updates universe 1.3.3+dfsg-2ubuntu1.2
updates main 1.3.3+dfsg-2ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.3+dfsg-2ubuntu1.2 2021-03-08 20:07:31 UTC

  libzstd (1.3.3+dfsg-2ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: race condition allows attacker to access
    world-readable destination file
    - debian/patches/0017-fix-file-permissions-on-compression.patch: set
      umask in programs/fileio.c, programs/util.h.
    - CVE-2021-24031
    - CVE-2021-24032

 -- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 10:51:37 -0500
Source diff to previous version
CVE-2021-24031 In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the inp
CVE-2021-24032 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with de

Version: 1.3.3+dfsg-2ubuntu1.1 2019-08-21 15:06:19 UTC

  libzstd (1.3.3+dfsg-2ubuntu1.1) bionic-security; urgency=medium

  [ Eduardo Barretto ]
  * SECURITY UPDATE: Race condition in the one-pass compression functions could
    allow an attacker to write bytes out of bounds.
    - debian/patches/CVE-2019-11922.patch: Fix race condition.
    - CVE-2019-11922

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 20 Aug 2019 15:19:17 -0300
CVE-2019-11922 A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an


About   -   Send Feedback to @ubuntu_updates