UbuntuUpdates.org

Package "zstd"

Name: zstd

Description:

fast lossless compression algorithm -- CLI tool

Latest version: 1.4.4+dfsg-3ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: libzstd
Homepage: https://github.com/facebook/zstd

Links


Download "zstd"


Other versions of "zstd" in Focal

Repository Area Version
base universe 1.4.4+dfsg-3
updates universe 1.4.4+dfsg-3ubuntu0.1

Changelog

Version: 1.4.4+dfsg-3ubuntu0.1 2021-03-08 20:07:34 UTC

  libzstd (1.4.4+dfsg-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: race condition allows attacker to access
    world-readable destination file
    - debian/patches/0018-fix-file-permissions-on-compression.patch: set
      umask in programs/fileio.c, programs/util.c, programs/util.h.
    - CVE-2021-24031
    - CVE-2021-24032

 -- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 10:47:34 -0500

CVE-2021-24031 In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the inp
CVE-2021-24032 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with de



About   -   Send Feedback to @ubuntu_updates