1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking Benchmarking Platform
Phoromatic Test Orchestration

LZO & LZ4 Security Vulnerabilities Disclosed

Free Software

Published on 28 June 2014 08:36 AM EDT
Written by Michael Larabel in Free Software
Add A Comment

The latest open-source security issues uncovered affect LZO and LZ4 and the issues run back years.

Phoronix reader "OxBADCODE" wrote in this morning to share, "Major security issue strikes 2 opensource compression libraries widely used in opensource world: LZO and LZ4. Interestingly, it appeared 20 years ago...While most use cases are not actually vulnerable due to use of blocks which are smaller than it takes to trigger bug, some applications could be vulnerable. Most notably, ffmpeg/libav appears to be affected by these bugs."

The issues were posted by Don A. Bailey of Lab Mouse Security. The LZO security issue is disclosed here and the LZ4 core issue here.

About The Author
Michael Larabel is the principal author of Phoronix.com and founded the web-site in 2004 with a focus on enriching the Linux hardware experience and being the largest web-site devoted to Linux hardware reviews, particularly for products relevant to Linux gamers and enthusiasts but also commonly reviewing servers/workstations and embedded Linux devices. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics hardware drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated testing software. He can be followed via and or contacted via .
Latest Linux News
  1. HiSense Chromebook Benchmarks When Running Ubuntu Linux
  2. Mandriva Linux Was Allegedly Brought Down By Employee Lawsuits
  3. GNOME 3.17.2 Is Released As The Latest Look Towards GNOME 3.18
  4. Phoronix Turns 11 Years Old Next Week: How Should We Celebrate?
  5. Ubuntu Community Council Reaffirms Its Decision Against Kubuntu's Leader
  6. Future Plans For Changing Fedora's Installer
  7. Confusion Mounts Over Wayland's Actual License
  8. GNOME's Mutter Now Supports Drag-n-Drop To/From Wayland & X11
  9. Wine 1.7.44 Works On More 64-bit ARM Support
  10. Phoronix Test Suite 5.8 Milestone 5 Brings Near Final "Belev" Experience
Latest Articles & Reviews
  1. Btrfs RAID 0/1/5/6/10 Five-Disk Benchmarks On Linux 4.1
  2. Opening The Gates To Our Daily Open-Source Linux Benchmark Results
  3. The Latest Features For Linux Performance Management + Benchmark Monitoring
  4. Noctua NH-U12DX i4 + NF-F12
Most Viewed News This Week
  1. NVIDIA's Proprietary Driver Is Moving Closer With Kernel Mode-Setting
  2. Zapcc Claims To Be A "Much Faster C++ Compiler"
  3. OpenWRT 15.05 Preparing Improved Security & Better Networking
  4. Features Added To Mesa 10.6 For Open-Source GPU Drivers
  5. Ubuntu's LXD vs. KVM For The Linux Cloud
  6. Friction Building Around An Ubuntu Community Council Decision
  7. The Latest Linux Kernel Git Code Fixes The EXT4 RAID0 Corruption Problem
  8. Fedora 22 Is Being Released Next Tuesday