=========================================================================
Ubuntu Security Notice USN-5593-1
September 01, 2022

libzstd vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Zstandard could be made to execute arbitrary code if it received
specially crafted input.

Software Description:
- libzstd: fast lossless compression algorithm

Details:

It was discovered that Zstandard incorrectly handled certain inputs. An
attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libzstd1 1.3.1+dfsg-1~ubuntu0.16.04.1+esm2
  zstd 1.3.1+dfsg-1~ubuntu0.16.04.1+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5593-1
  CVE-2019-11922

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922
https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
https://www.facebook.com/security/advisories/cve-2019-11922

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11922
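
To confirm a host is at or above the package versions listed under "Update instructions", the installed version has to be compared with dpkg's ordering rules, because the fixed version contains `~` and an `+esm2` suffix that plain string comparison gets wrong. The following is an added example, not part of the notice or of any Ubuntu tooling; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed versions quoted from the notice (Ubuntu 16.04 ESM).
FIXED = {
    "libzstd1": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2",
    "zstd": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2",
}

def _order(ch):
    """dpkg sort weight: '~' < end of string < letters < other symbols."""
    if ch == "" or ch.isdigit():
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare an upstream or revision string the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character with dpkg weights.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ca, cb = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ca != cb:
                return -1 if ca < cb else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so esm10 sorts after esm2.
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def compare_versions(a, b):
    """Return -1, 0 or 1 for Debian version strings a and b."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, revision
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def audit(installed):
    """Map each package in the notice to 'fixed', 'needs update' or 'not installed'."""
    return {pkg: "not installed" if pkg not in installed
            else "fixed" if compare_versions(installed[pkg], fixed) >= 0 else "needs update"
            for pkg, fixed in FIXED.items()}

# Constructed sample inventory (not taken from the notice).
SAMPLE = {"libzstd1": "1.3.1+dfsg-1~ubuntu0.16.04.1", "zstd": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2"}
print(audit(SAMPLE))
```

On a real host the installed versions would come from `dpkg-query -W -f='${Version}' libzstd1`, and `dpkg --compare-versions` performs the same comparison natively.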