In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable by unintended parties.
An update that fixes two vulnerabilities is now available. This update for zstd fixes the following issues: added read permissions to files while being compressed or uncompressed, and fixed a race condition which could have allowed an attacker to access a world-readable destination file. This update was imported from the SUSE:SLE-15:Update update project.
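The permission window described above can be observed directly. The following is an added example, not zstd's own code: it creates an output file first with default permissions and then owner-only from the start, and reports the mode visible while data is being written and after the input's mode is applied. The function name, temp path and sample data are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open file, or -1 on error. */
static int mode_of(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Writes a constructed output file in a fresh temp dir (hypothetical names).
 * hardened == 0: created with default permissions (0666 & ~umask), the
 *                pattern the advisory describes.
 * hardened == 1: created owner-only (0600); O_EXCL refuses an existing path.
 * Returns the mode visible while data is being written; *final_mode gets
 * the mode after the input's permissions (src_mode) are applied at the end. */
int write_output(int hardened, mode_t src_mode, int *final_mode) {
    char dir[] = "/tmp/perm-demo-XXXXXX";
    char path[64];
    int fd, during = -1;
    mode_t old = umask(022);              /* fixed umask so results are stable */

    *final_mode = -1;
    if (mkdtemp(dir) == NULL) { umask(old); return -1; }
    snprintf(path, sizeof path, "%s/out.zst", dir);
    fd = hardened ? open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)
                  : open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    umask(old);
    if (fd >= 0) {
        if (write(fd, "constructed data", 16) == 16)
            during = mode_of(fd);         /* what other users see mid-run */
        if (fchmod(fd, src_mode) == 0)    /* completion: match the input */
            *final_mode = mode_of(fd);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return during;
}

int main(void) {
    int fin, during = write_output(0, 0600, &fin);
    printf("default:  during=%04o final=%04o\n", during, fin);
    during = write_output(1, 0600, &fin);
    printf("hardened: during=%04o final=%04o\n", during, fin);
    return 0;
}
```

With a private (0600) input, the default path leaves the output world-readable for the whole run, while the restricted path is never broader than the owner.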