Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Are the hard-to-exploit bugs in LZO compression algorithm a hype?

NotInHere writes: In 1996, Markus F. X. J. Oberhumer wrote an implementation of the Lempel–Ziv compression, which is used in various places like the linux kernel, libav, openVPN, or the Curiosity rover. As security researchers have found out, the code contained integer overflow and buffer overrun vulnerabilities, in the part of the code that was responsible to process not compressed parts of the data. Those vulnerabilities are however very hard to exploit, and their scope is dependent on the actual implementation.
According to Oberhumer, the problem only affects 32 bit systems. "I personally do not know about any client program that actually is affected", Oberhumer sais, calling the news about the possible security issue a media hype.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Are the hard-to-exploit bugs in LZO compression algorithm a hype?

Comments Filter:

No man is an island if he's on at least one mailing list.