It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue to cause a race condition and gain unauthorized access to sensitive data.
{ "binaries": [ { "binary_name": "libzstd1", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3" }, { "binary_name": "libzstd1-dbgsym", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3" }, { "binary_name": "libzstd1-dev", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3" }, { "binary_name": "zstd", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3" }, { "binary_name": "zstd-dbgsym", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }