|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2014-06-26 21:17:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Decades-Old Vulnerability Threatens 'Internet Of Things' (Dark Reading)
Dark Reading writes about a newly-discovered bug that has existed for 20 years in multiple LZO compression implementations. "Patches for the integer overflow bug, which allows an attacker to cripple systems running the so-called Lempel-Ziv-Oberhumer (LZO) code with denial-of-service type attacks as well as remote code execution, were issued the past few days for the Linux kernel, as well as for various open-source media libraries. LZO handles high-speed compression and decompression of IP network traffic and files, typically images, in embedded systems.
'The most popular use is in image data, decompressing photos taken, raw images taken from a camera or video stream,' says Don Bailey, mobile and embedded systems security expert with Lab Mouse Security, who discovered the vulnerability while manually auditing the code."
Dark Reading writes about a newly-discovered bug that has existed for 20 years in multiple LZO compression implementations. "Patches for the integer overflow bug, which allows an attacker to cripple systems running the so-called Lempel-Ziv-Oberhumer (LZO) code with denial-of-service type attacks as well as remote code execution, were issued the past few days for the Linux kernel, as well as for various open-source media libraries. LZO handles high-speed compression and decompression of IP network traffic and files, typically images, in embedded systems.
'The most popular use is in image data, decompressing photos taken, raw images taken from a camera or video stream,' says Don Bailey, mobile and embedded systems security expert with Lab Mouse Security, who discovered the vulnerability while manually auditing the code."
