Upstream information

CVE-2014-4611 at MITRE

Description

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Note from the SUSE Security Team

The LZ4 compression module is not present in SUSE Linux Enterprise 11, so this codebase is not affected by this problem.

SUSE Bugzilla entries: 883949 [RESOLVED / FIXED], 885389 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • cloop >= 2.639-11.16.1
  • cloop-debuginfo >= 2.639-11.16.1
  • cloop-debugsource >= 2.639-11.16.1
  • cloop-kmp-default >= 2.639_k3.11.10_25-11.16.1
  • cloop-kmp-default-debuginfo >= 2.639_k3.11.10_25-11.16.1
  • cloop-kmp-desktop >= 2.639_k3.11.10_25-11.16.1
  • cloop-kmp-desktop-debuginfo >= 2.639_k3.11.10_25-11.16.1
  • cloop-kmp-pae >= 2.639_k3.11.10_25-11.16.1
  • cloop-kmp-pae-debuginfo >= 2.639_k3.11.10_25-11.16.1
  • cloop-kmp-xen >= 2.639_k3.11.10_25-11.16.1
  • cloop-kmp-xen-debuginfo >= 2.639_k3.11.10_25-11.16.1
  • crash >= 7.0.2-2.16.1
  • crash-debuginfo >= 7.0.2-2.16.1
  • crash-debugsource >= 7.0.2-2.16.1
  • crash-devel >= 7.0.2-2.16.1
  • crash-doc >= 7.0.2-2.16.1
  • crash-eppic >= 7.0.2-2.16.1
  • crash-eppic-debuginfo >= 7.0.2-2.16.1
  • crash-gcore >= 7.0.2-2.16.1
  • crash-gcore-debuginfo >= 7.0.2-2.16.1
  • crash-kmp-default >= 7.0.2_k3.11.10_25-2.16.1
  • crash-kmp-default-debuginfo >= 7.0.2_k3.11.10_25-2.16.1
  • crash-kmp-desktop >= 7.0.2_k3.11.10_25-2.16.1
  • crash-kmp-desktop-debuginfo >= 7.0.2_k3.11.10_25-2.16.1
  • crash-kmp-pae >= 7.0.2_k3.11.10_25-2.16.1
  • crash-kmp-pae-debuginfo >= 7.0.2_k3.11.10_25-2.16.1
  • crash-kmp-xen >= 7.0.2_k3.11.10_25-2.16.1
  • crash-kmp-xen-debuginfo >= 7.0.2_k3.11.10_25-2.16.1
  • eet >= 1.7.8-2.4.1
  • eet-debuginfo >= 1.7.8-2.4.1
  • eet-debugsource >= 1.7.8-2.4.1
  • eet-devel >= 1.7.8-2.4.1
  • eet-doc-html >= 1.7.8-2.4.1
  • eet-examples >= 1.7.8-2.4.1
  • hdjmod >= 1.28-16.16.1
  • hdjmod-debugsource >= 1.28-16.16.1
  • hdjmod-kmp-default >= 1.28_k3.11.10_25-16.16.1
  • hdjmod-kmp-default-debuginfo >= 1.28_k3.11.10_25-16.16.1
  • hdjmod-kmp-desktop >= 1.28_k3.11.10_25-16.16.1
  • hdjmod-kmp-desktop-debuginfo >= 1.28_k3.11.10_25-16.16.1
  • hdjmod-kmp-pae >= 1.28_k3.11.10_25-16.16.1
  • hdjmod-kmp-pae-debuginfo >= 1.28_k3.11.10_25-16.16.1
  • hdjmod-kmp-xen >= 1.28_k3.11.10_25-16.16.1
  • hdjmod-kmp-xen-debuginfo >= 1.28_k3.11.10_25-16.16.1
  • ipset >= 6.21.1-2.20.1
  • ipset-debuginfo >= 6.21.1-2.20.1
  • ipset-debugsource >= 6.21.1-2.20.1
  • ipset-devel >= 6.21.1-2.20.1
  • ipset-kmp-default >= 6.21.1_k3.11.10_25-2.20.1
  • ipset-kmp-default-debuginfo >= 6.21.1_k3.11.10_25-2.20.1
  • ipset-kmp-desktop >= 6.21.1_k3.11.10_25-2.20.1
  • ipset-kmp-desktop-debuginfo >= 6.21.1_k3.11.10_25-2.20.1
  • ipset-kmp-pae >= 6.21.1_k3.11.10_25-2.20.1
  • ipset-kmp-pae-debuginfo >= 6.21.1_k3.11.10_25-2.20.1
  • ipset-kmp-xen >= 6.21.1_k3.11.10_25-2.20.1
  • ipset-kmp-xen-debuginfo >= 6.21.1_k3.11.10_25-2.20.1
  • iscsitarget >= 1.4.20.3-13.16.1
  • iscsitarget-debuginfo >= 1.4.20.3-13.16.1
  • iscsitarget-debugsource >= 1.4.20.3-13.16.1
  • iscsitarget-kmp-default >= 1.4.20.3_k3.11.10_25-13.16.1
  • iscsitarget-kmp-default-debuginfo >= 1.4.20.3_k3.11.10_25-13.16.1
  • iscsitarget-kmp-desktop >= 1.4.20.3_k3.11.10_25-13.16.1
  • iscsitarget-kmp-desktop-debuginfo >= 1.4.20.3_k3.11.10_25-13.16.1
  • iscsitarget-kmp-pae >= 1.4.20.3_k3.11.10_25-13.16.1
  • iscsitarget-kmp-pae-debuginfo >= 1.4.20.3_k3.11.10_25-13.16.1
  • iscsitarget-kmp-xen >= 1.4.20.3_k3.11.10_25-13.16.1
  • iscsitarget-kmp-xen-debuginfo >= 1.4.20.3_k3.11.10_25-13.16.1
  • kernel-debug >= 3.11.10-25.1
  • kernel-debug-base >= 3.11.10-25.1
  • kernel-debug-base-debuginfo >= 3.11.10-25.1
  • kernel-debug-debuginfo >= 3.11.10-25.1
  • kernel-debug-debugsource >= 3.11.10-25.1
  • kernel-debug-devel >= 3.11.10-25.1
  • kernel-debug-devel-debuginfo >= 3.11.10-25.1
  • kernel-default >= 3.11.10-25.1
  • kernel-default-base >= 3.11.10-25.1
  • kernel-default-base-debuginfo >= 3.11.10-25.1
  • kernel-default-debuginfo >= 3.11.10-25.1
  • kernel-default-debugsource >= 3.11.10-25.1
  • kernel-default-devel >= 3.11.10-25.1
  • kernel-default-devel-debuginfo >= 3.11.10-25.1
  • kernel-desktop >= 3.11.10-25.1
  • kernel-desktop-base >= 3.11.10-25.1
  • kernel-desktop-base-debuginfo >= 3.11.10-25.1
  • kernel-desktop-debuginfo >= 3.11.10-25.1
  • kernel-desktop-debugsource >= 3.11.10-25.1
  • kernel-desktop-devel >= 3.11.10-25.1
  • kernel-desktop-devel-debuginfo >= 3.11.10-25.1
  • kernel-devel >= 3.11.10-25.1
  • kernel-docs >= 3.11.10-25.2
  • kernel-ec2 >= 3.11.10-25.1
  • kernel-ec2-base >= 3.11.10-25.1
  • kernel-ec2-base-debuginfo >= 3.11.10-25.1
  • kernel-ec2-debuginfo >= 3.11.10-25.1
  • kernel-ec2-debugsource >= 3.11.10-25.1
  • kernel-ec2-devel >= 3.11.10-25.1
  • kernel-ec2-devel-debuginfo >= 3.11.10-25.1
  • kernel-pae >= 3.11.10-25.1
  • kernel-pae-base >= 3.11.10-25.1
  • kernel-pae-base-debuginfo >= 3.11.10-25.1
  • kernel-pae-debuginfo >= 3.11.10-25.1
  • kernel-pae-debugsource >= 3.11.10-25.1
  • kernel-pae-devel >= 3.11.10-25.1
  • kernel-pae-devel-debuginfo >= 3.11.10-25.1
  • kernel-source >= 3.11.10-25.1
  • kernel-source-vanilla >= 3.11.10-25.1
  • kernel-syms >= 3.11.10-25.1
  • kernel-trace >= 3.11.10-25.1
  • kernel-trace-base >= 3.11.10-25.1
  • kernel-trace-base-debuginfo >= 3.11.10-25.1
  • kernel-trace-debuginfo >= 3.11.10-25.1
  • kernel-trace-debugsource >= 3.11.10-25.1
  • kernel-trace-devel >= 3.11.10-25.1
  • kernel-trace-devel-debuginfo >= 3.11.10-25.1
  • kernel-vanilla >= 3.11.10-25.1
  • kernel-vanilla-debuginfo >= 3.11.10-25.1
  • kernel-vanilla-debugsource >= 3.11.10-25.1
  • kernel-vanilla-devel >= 3.11.10-25.1
  • kernel-vanilla-devel-debuginfo >= 3.11.10-25.1
  • kernel-xen >= 3.11.10-25.1
  • kernel-xen-base >= 3.11.10-25.1
  • kernel-xen-base-debuginfo >= 3.11.10-25.1
  • kernel-xen-debuginfo >= 3.11.10-25.1
  • kernel-xen-debugsource >= 3.11.10-25.1
  • kernel-xen-devel >= 3.11.10-25.1
  • kernel-xen-devel-debuginfo >= 3.11.10-25.1
  • libeet1 >= 1.7.8-2.4.1
  • libeet1-debuginfo >= 1.7.8-2.4.1
  • libipset3 >= 6.21.1-2.20.1
  • libipset3-debuginfo >= 6.21.1-2.20.1
  • ndiswrapper >= 1.58-16.1
  • ndiswrapper-debuginfo >= 1.58-16.1
  • ndiswrapper-debugsource >= 1.58-16.1
  • ndiswrapper-kmp-default >= 1.58_k3.11.10_25-16.1
  • ndiswrapper-kmp-default-debuginfo >= 1.58_k3.11.10_25-16.1
  • ndiswrapper-kmp-desktop >= 1.58_k3.11.10_25-16.1
  • ndiswrapper-kmp-desktop-debuginfo >= 1.58_k3.11.10_25-16.1
  • ndiswrapper-kmp-pae >= 1.58_k3.11.10_25-16.1
  • ndiswrapper-kmp-pae-debuginfo >= 1.58_k3.11.10_25-16.1
  • pcfclock >= 0.44-258.16.1
  • pcfclock-debuginfo >= 0.44-258.16.1
  • pcfclock-debugsource >= 0.44-258.16.1
  • pcfclock-kmp-default >= 0.44_k3.11.10_25-258.16.1
  • pcfclock-kmp-default-debuginfo >= 0.44_k3.11.10_25-258.16.1
  • pcfclock-kmp-desktop >= 0.44_k3.11.10_25-258.16.1
  • pcfclock-kmp-desktop-debuginfo >= 0.44_k3.11.10_25-258.16.1
  • pcfclock-kmp-pae >= 0.44_k3.11.10_25-258.16.1
  • pcfclock-kmp-pae-debuginfo >= 0.44_k3.11.10_25-258.16.1
  • python-virtualbox >= 4.2.18-2.21.1
  • python-virtualbox-debuginfo >= 4.2.18-2.21.1
  • vhba-kmp >= 20130607-2.17.1
  • vhba-kmp-debugsource >= 20130607-2.17.1
  • vhba-kmp-default >= 20130607_k3.11.10_25-2.17.1
  • vhba-kmp-default-debuginfo >= 20130607_k3.11.10_25-2.17.1
  • vhba-kmp-desktop >= 20130607_k3.11.10_25-2.17.1
  • vhba-kmp-desktop-debuginfo >= 20130607_k3.11.10_25-2.17.1
  • vhba-kmp-pae >= 20130607_k3.11.10_25-2.17.1
  • vhba-kmp-pae-debuginfo >= 20130607_k3.11.10_25-2.17.1
  • vhba-kmp-xen >= 20130607_k3.11.10_25-2.17.1
  • vhba-kmp-xen-debuginfo >= 20130607_k3.11.10_25-2.17.1
  • virtualbox >= 4.2.18-2.21.1
  • virtualbox-debuginfo >= 4.2.18-2.21.1
  • virtualbox-debugsource >= 4.2.18-2.21.1
  • virtualbox-devel >= 4.2.18-2.21.1
  • virtualbox-guest-kmp-default >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-guest-kmp-default-debuginfo >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-guest-kmp-desktop >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-guest-kmp-desktop-debuginfo >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-guest-kmp-pae >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-guest-kmp-pae-debuginfo >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-guest-tools >= 4.2.18-2.21.1
  • virtualbox-guest-tools-debuginfo >= 4.2.18-2.21.1
  • virtualbox-guest-x11 >= 4.2.18-2.21.1
  • virtualbox-guest-x11-debuginfo >= 4.2.18-2.21.1
  • virtualbox-host-kmp-default >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-host-kmp-default-debuginfo >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-host-kmp-desktop >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-host-kmp-desktop-debuginfo >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-host-kmp-pae >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-host-kmp-pae-debuginfo >= 4.2.18_k3.11.10_25-2.21.1
  • virtualbox-qt >= 4.2.18-2.21.1
  • virtualbox-qt-debuginfo >= 4.2.18-2.21.1
  • virtualbox-websrv >= 4.2.18-2.21.1
  • virtualbox-websrv-debuginfo >= 4.2.18-2.21.1
  • xen >= 4.3.2_02-30.1
  • xen-debugsource >= 4.3.2_02-30.1
  • xen-devel >= 4.3.2_02-30.1
  • xen-doc-html >= 4.3.2_02-30.1
  • xen-kmp-default >= 4.3.2_02_k3.11.10_25-30.1
  • xen-kmp-default-debuginfo >= 4.3.2_02_k3.11.10_25-30.1
  • xen-kmp-desktop >= 4.3.2_02_k3.11.10_25-30.1
  • xen-kmp-desktop-debuginfo >= 4.3.2_02_k3.11.10_25-30.1
  • xen-kmp-pae >= 4.3.2_02_k3.11.10_25-30.1
  • xen-kmp-pae-debuginfo >= 4.3.2_02_k3.11.10_25-30.1
  • xen-libs >= 4.3.2_02-30.1
  • xen-libs-32bit >= 4.3.2_02-30.1
  • xen-libs-debuginfo >= 4.3.2_02-30.1
  • xen-libs-debuginfo-32bit >= 4.3.2_02-30.1
  • xen-tools >= 4.3.2_02-30.1
  • xen-tools-debuginfo >= 4.3.2_02-30.1
  • xen-tools-domU >= 4.3.2_02-30.1
  • xen-tools-domU-debuginfo >= 4.3.2_02-30.1
  • xen-xend-tools >= 4.3.2_02-30.1
  • xen-xend-tools-debuginfo >= 4.3.2_02-30.1
  • xtables-addons >= 2.3-2.16.1
  • xtables-addons-debuginfo >= 2.3-2.16.1
  • xtables-addons-debugsource >= 2.3-2.16.1
  • xtables-addons-kmp-default >= 2.3_k3.11.10_25-2.16.1
  • xtables-addons-kmp-default-debuginfo >= 2.3_k3.11.10_25-2.16.1
  • xtables-addons-kmp-desktop >= 2.3_k3.11.10_25-2.16.1
  • xtables-addons-kmp-desktop-debuginfo >= 2.3_k3.11.10_25-2.16.1
  • xtables-addons-kmp-pae >= 2.3_k3.11.10_25-2.16.1
  • xtables-addons-kmp-pae-debuginfo >= 2.3_k3.11.10_25-2.16.1
  • xtables-addons-kmp-xen >= 2.3_k3.11.10_25-2.16.1
  • xtables-addons-kmp-xen-debuginfo >= 2.3_k3.11.10_25-2.16.1
Patchnames:
openSUSE-2014-469
openSUSE-2014-793
openSUSE Tumbleweed
  • edje >= 1.18.2-5.1
  • efl >= 1.18.2-5.1
  • efl-devel >= 1.18.2-5.1
  • efl-examples >= 1.18.2-5.1
  • efl-testsuite >= 1.18.2-5.1
  • elementary >= 1.18.2-5.1
  • elementary-examples >= 1.18.2-5.1
  • elua >= 1.18.2-5.1
  • embryo >= 1.18.2-5.1
  • enlightenment-theme-dark >= 0.21.0-5.1
  • enlightenment-theme-upstream >= 0.21.0-5.1
  • enlightenment-x-dark-icon-theme >= 1.18.2-5.1
  • evas-generic-loaders >= 1.18.2-5.1
  • libecore1 >= 1.18.2-5.1
  • libector1 >= 1.18.2-5.1
  • libedje1 >= 1.18.2-5.1
  • libeet1 >= 1.18.2-5.1
  • libeeze1 >= 1.18.2-5.1
  • libefl1 >= 1.18.2-5.1
  • libefreet1 >= 1.18.2-5.1
  • libefreet_mime1 >= 1.18.2-5.1
  • libefreet_trash1 >= 1.18.2-5.1
  • libeina1 >= 1.18.2-5.1
  • libeio1 >= 1.18.2-5.1
  • libeldbus1 >= 1.18.2-5.1
  • libelocation1 >= 1.18.2-5.1
  • libelput1 >= 1.18.2-5.1
  • libelua1 >= 1.18.2-5.1
  • libembryo1 >= 1.18.2-5.1
  • libemile1 >= 1.18.2-5.1
  • libemotion1 >= 1.18.2-5.1
  • libeo1 >= 1.18.2-5.1
  • libeolian1 >= 1.18.2-5.1
  • libephysics1 >= 1.18.2-5.1
  • libethumb1 >= 1.18.2-5.1
  • libethumb_client1 >= 1.18.2-5.1
  • libevas1 >= 1.18.2-5.1
Patchnames:
openSUSE Tumbleweed GA edje