ASA-202105-27 log generated external raw

[ASA-202105-27] lz4: denial of service
Arch Linux Security Advisory ASA-202105-27 ========================================== Severity: Low Date : 2021-05-25 CVE-ID : CVE-2021-3520 Package : lz4 Type : denial of service Remote : Yes Link : Summary ======= The package lz4 before version 1:1.9.3-2 is vulnerable to denial of service. Resolution ========== Upgrade to 1:1.9.3-2. # pacman -Syu "lz4>=1:1.9.3-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function. Impact ====== A crafted lz4 file can lead to an application crash, potentially creating a large core dump file. References ==========