UbuntuUpdates.org

Package "libzstd1"

Name: libzstd1

Description:

fast lossless compression algorithm
Latest version: 1.3.3+dfsg-2ubuntu1.2
Release: bionic (18.04)
Level: security
Repository: main
Head package: libzstd
Homepage: https://github.com/facebook/zstd

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libzstd1"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libzstd1" in Bionic

Repository Area Version
base main 1.3.3+dfsg-2ubuntu1
updates main 1.3.3+dfsg-2ubuntu1.2

Changelog

Version: 1.3.3+dfsg-2ubuntu1.2 2021-03-08 20:07:29 UTC

  libzstd (1.3.3+dfsg-2ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: race condition allows attacker to access
    world-readable destination file
    - debian/patches/0017-fix-file-permissions-on-compression.patch: set
      umask in programs/fileio.c, programs/util.h.
    - CVE-2021-24031
    - CVE-2021-24032

 -- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 10:51:37 -0500
Source diff to previous version
CVE-2021-24031 In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the inp
CVE-2021-24032 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with de

Version: 1.3.3+dfsg-2ubuntu1.1 2019-08-21 15:06:18 UTC

  libzstd (1.3.3+dfsg-2ubuntu1.1) bionic-security; urgency=medium

  [ Eduardo Barretto ]
  * SECURITY UPDATE: Race condition in the one-pass compression functions could
    allow an attacker to write bytes out of bounds.
    - debian/patches/CVE-2019-11922.patch: Fix race condition.
    - CVE-2019-11922

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 20 Aug 2019 15:19:17 -0300
CVE-2019-11922 A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an


About   -   Send Feedback to @ubuntu_updates