UbuntuUpdates.org

Package "libzstd"

Name: libzstd

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • fast lossless compression algorithm -- development files
  • fast lossless compression algorithm

Latest version: 1.4.5+dfsg-4ubuntu0.1
Release: groovy (20.10)
Level: updates
Repository: main

Links



Other versions of "libzstd" in Groovy

Repository Area Version
base universe 1.4.5+dfsg-4
base main 1.4.5+dfsg-4
security main 1.4.5+dfsg-4ubuntu0.1
security universe 1.4.5+dfsg-4ubuntu0.1
updates universe 1.4.5+dfsg-4ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.4.5+dfsg-4ubuntu0.1 2021-03-08 20:07:36 UTC

  libzstd (1.4.5+dfsg-4ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: race condition allows attacker to access
    world-readable destination file
    - debian/patches/0018-fix-file-permissions-on-compression.patch: set
      umask in programs/fileio.c, programs/util.c, programs/util.h.
    - CVE-2021-24031
    - CVE-2021-24032

 -- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 10:41:23 -0500

CVE-2021-24031 In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the inp
CVE-2021-24032 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with de



About   -   Send Feedback to @ubuntu_updates