ALSA-2025:11035

See a problem?
Please try reporting it to the source first.

Source

https://errata.almalinux.org/8/ALSA-2025-11035.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:11035.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2025:11035

Related

CVE-2019-17543

Published

2025-07-15T00:00:00Z

Modified

2025-08-02T13:24:46Z

Summary

Moderate: lz4 security update

Details

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems.

Security Fix(es):

lz4: heap-based buffer overflow in LZ4_write32 (CVE-2019-17543)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / lz4

Package

Name: lz4
Purl: pkg:rpm/almalinux/lz4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-5.el8_10

AlmaLinux:8 / lz4-devel

Package

Name: lz4-devel
Purl: pkg:rpm/almalinux/lz4-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-5.el8_10

AlmaLinux:8 / lz4-libs

Package

Name: lz4-libs
Purl: pkg:rpm/almalinux/lz4-libs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-5.el8_10