Another LZ4 Security Issue Analyzed
Written by Michael Larabel in Free Software on 13 July 2014 at 10:19 PM EDT. 7 Comments
Free Software
At the end of June I mentioned LZO and LZ4 security issues were uncovered while coming to light in the past week was another potential LZ4 security vulnerability for the lossless data compression library.

Phoronix reader OxBADCODE wrote in today explaining, "Another security issue has been found in LZ4 compression library. Buzz around LZ4 and LZO security issues has caused even more thorough code review of LZ4 library. As the result it has been discovered that in some rare circumstances LZ4 can potentially perform undesired memory accesses, which can be security issue on some architectures. This bug is hard to use for practical purposes, only happens on 32-bit architectures and only affects some of them (to the date its only known it could be potentially usable to conduct attacks on ARM). However, it still can be good idea to update LZ4 lib to newer version, r119, where this problem has been corrected."

The latest LZ4 security issue mentioned is this bug and analyzed in greater detail via this blog post.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the web-site in 2004 with a focus on enriching the Linux hardware experience and being the largest web-site devoted to Linux hardware reviews, particularly for products relevant to Linux gamers and enthusiasts but also commonly reviewing servers/workstations and embedded Linux devices. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics hardware drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated testing software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Free Software News
Popular News
Trending Reviews & Featured Articles