ID | CVE-2008-1372 |
Summary |
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:bzip:bzip2:0.9
- cpe:2.3:a:bzip:bzip2:0.9.5a
- cpe:2.3:a:bzip:bzip2:0.9.5b
- cpe:2.3:a:bzip:bzip2:0.9.5c
- cpe:2.3:a:bzip:bzip2:0.9.5d
- cpe:2.3:a:bzip:bzip2:0.9_a
- cpe:2.3:a:bzip:bzip2:0.9_b
- cpe:2.3:a:bzip:bzip2:0.9_c
- cpe:2.3:a:bzip:bzip2:1.0
- cpe:2.3:a:bzip:bzip2:1.0.1
- cpe:2.3:a:bzip:bzip2:1.0.2
- cpe:2.3:a:bzip:bzip2:1.0.3
|
CVSS |
Base: | 4.3 (as of 19-03-2008 - 10:17) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-119 |
CAPEC |
-
Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
-
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
-
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
-
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
-
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
-
Overflow Binary Resource File
An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
-
Buffer Overflow via Symbolic Links
This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
-
Overflow Variables and Tags
This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
-
Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
-
Buffer Overflow in an API Call
This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
-
Buffer Overflow in Local Command-Line Utilities
This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
|
Access |
Vector | Complexity | Authentication |
NETWORK | MEDIUM | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE | NONE | PARTIAL |
|
nessus
via4
|
NASL family | Ubuntu Local Security Checks | NASL id | UBUNTU_USN-590-1.NASL | description | It was discovered that bzip2 did not correctly handle certain
malformed archives. If a user or automated system were tricked into
processing a specially crafted bzip2 archive, applications linked
against libbz2 could be made to crash, possibly leading to a denial of
service.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-28 | plugin id | 31677 | published | 2008-03-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=31677 | title | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : bzip2 vulnerability (USN-590-1) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20080916_BZIP2_ON_SL3_X.NASL | description | A buffer over-read flaw was discovered in the bzip2 decompression
routine. This issue could cause an application linked against the
libbz2 library to crash when decompressing malformed archives.
(CVE-2008-1372) | last seen | 2019-01-16 | modified | 2019-01-07 | plugin id | 60474 | published | 2012-08-01 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=60474 | title | Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64 |
NASL family | FreeBSD Local Security Checks | NASL id | FREEBSD_PKG_063399FCF6D611DCBCEE001C2514716C.NASL | description | SecurityFocus reports :
The 'bzip2' application is prone to a remote file-handling
vulnerability because the application fails to properly handle
malformed files.
Exploit attempts likely result in application crashes. | last seen | 2019-01-16 | modified | 2018-12-19 | plugin id | 31633 | published | 2008-03-21 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=31633 | title | FreeBSD : bzip2 -- crash with certain malformed archive files (063399fc-f6d6-11dc-bcee-001c2514716c) |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2008-0893.NASL | description | From Red Hat Security Advisory 2008:0893 :
Updated bzip2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Bzip2 is a freely available, high-quality data compressor. It provides
both stand-alone compression and decompression utilities, as well as a
shared library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression
routine. This issue could cause an application linked against the
libbz2 library to crash when decompressing malformed archives.
(CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain
a backported patch to resolve this issue. | last seen | 2019-01-16 | modified | 2018-08-13 | plugin id | 67750 | published | 2013-07-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=67750 | title | Oracle Linux 3 / 4 / 5 : bzip2 (ELSA-2008-0893) |
NASL family | SuSE Local Security Checks | NASL id | SUSE9_12119.NASL | description | Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372) | last seen | 2018-09-01 | modified | 2012-04-23 | plugin id | 41204 | published | 2009-09-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=41204 | title | SuSE9 Security Update : bzip2 (YOU Patch Number 12119) |
NASL family | Slackware Local Security Checks | NASL id | SLACKWARE_SSA_2008-098-02.NASL | description | New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue. | last seen | 2019-01-16 | modified | 2018-06-27 | plugin id | 31803 | published | 2008-04-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=31803 | title | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : bzip2 (SSA:2008-098-02) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-200903-40.NASL | description | The remote host is affected by the vulnerability described in GLSA-200903-40
(Analog: Denial of Service)
Diego E. Petteno reported that the Analog package in Gentoo is built
with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA
200804-02).
Impact :
A local attacker could place specially crafted log files into a log
directory being analyzed by analog, e.g. /var/log/apache, resulting in
a crash when being processed by the application.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2018-11-14 | plugin id | 36048 | published | 2009-03-30 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=36048 | title | GLSA-200903-40 : Analog: Denial of Service |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2008-3037.NASL | description | This update fixes bzip2 denial of service (crash) on malformed
archives - CVE-2008-1372, #438118.
| last seen | 2019-01-16 | modified | 2015-10-21 | plugin id | 31828 | published | 2008-04-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=31828 | title | Fedora 7 : bzip2-1.0.4-11.fc7 (2008-3037) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_BZIP2-5114.NASL | description | Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372) | last seen | 2018-09-02 | modified | 2012-05-17 | plugin id | 32212 | published | 2008-05-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=32212 | title | SuSE 10 Security Update : bzip2 (ZYPP Patch Number 5114) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2008-2970.NASL | description | This update fixes bzip2 denial of service (crash) on malformed
archives - CVE-2008-1372, #438118.
| last seen | 2019-01-16 | modified | 2015-10-21 | plugin id | 31820 | published | 2008-04-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=31820 | title | Fedora 8 : bzip2-1.0.4-13.fc8 (2008-2970) |
NASL family | VMware ESX Local Security Checks | NASL id | VMWARE_VMSA-2008-0019.NASL | description | a. Critical Memory corruption vulnerability
A memory corruption condition may occur in the virtual machine
hardware. A malicious request sent from the guest operating
system to the virtual hardware may cause the virtual hardware to
write to uncontrolled physical memory.
VMware would like to thank Andrew Honig of the Department of
Defense for reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4917 to this issue.
b. Updated Service Console package bzip2
bzip2 versions before 1.0.5 can crash if certain flaws in compressed
data lead to reading beyond the end of a buffer. This might cause
an application linked to the libbz2 library to crash when
decompressing malformed archives.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-1372 to this issue. | last seen | 2019-01-16 | modified | 2018-08-06 | plugin id | 40386 | published | 2009-07-27 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=40386 | title | VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 |
NASL family | F5 Networks Local Security Checks | NASL id | F5_BIGIP_SOL9592.NASL | description | The remote BIG-IP device is missing a patch required by a security
advisory. | last seen | 2019-01-16 | modified | 2019-01-04 | plugin id | 78227 | published | 2014-10-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=78227 | title | F5 Networks BIG-IP : bzip2 vulnerability (SOL9592) |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_10_5_8.NASL | description | The remote host is running a version of Mac OS X 10.5.x that is prior
to 10.5.8.
Mac OS X 10.5.8 contains security fixes for the following products :
- bzip2
- CFNetwork
- ColorSync
- CoreTypes
- Dock
- Image RAW
- ImageIO
- Kernel
- launchd
- Login Window
- MobileMe
- Networking
- XQuery | last seen | 2019-01-16 | modified | 2018-07-16 | plugin id | 40502 | published | 2009-08-05 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=40502 | title | Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_SECUPD2009-003.NASL | description | The remote host is running a version of Mac OS X 10.4 that does not
have Security Update 2009-003 applied.
This security update contains fixes for the following products :
- bzip2
- ColorSync
- ImageIO
- Login Window | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 40501 | published | 2009-08-05 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=40501 | title | Mac OS X Multiple Vulnerabilities (Security Update 2009-003) |
NASL family | Mandriva Local Security Checks | NASL id | MANDRIVA_MDVSA-2008-075.NASL | description | Bzip2 versions before 1.0.5 are vulnerable to a denial of service
attack via malicious compressed data.
The updated packages have been patched to prevent the issue. | last seen | 2019-01-16 | modified | 2018-07-19 | plugin id | 37613 | published | 2009-04-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=37613 | title | Mandriva Linux Security Advisory : bzip2 (MDVSA-2008:075) |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2008-0893.NASL | description | Updated bzip2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Bzip2 is a freely available, high-quality data compressor. It provides
both stand-alone compression and decompression utilities, as well as a
shared library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression
routine. This issue could cause an application linked against the
libbz2 library to crash when decompressing malformed archives.
(CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain
a backported patch to resolve this issue. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 34222 | published | 2008-09-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=34222 | title | CentOS 3 / 4 / 5 : bzip2 (CESA-2008:0893) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-200804-02.NASL | description | The remote host is affected by the vulnerability described in GLSA-200804-02
(bzip2: Denial of Service)
The Oulu University discovered that bzip2 does not properly check
offsets provided by the bzip2 file, leading to a buffer overread.
Impact :
Remote attackers can entice a user or automated system to open a
specially crafted file that triggers a buffer overread, causing a
Denial of Service. libbz2 and programs linking against it are also
affected.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2018-08-10 | plugin id | 31753 | published | 2008-04-04 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=31753 | title | GLSA-200804-02 : bzip2: Denial of Service |
NASL family | SuSE Local Security Checks | NASL id | SUSE_BZIP2-5112.NASL | description | Specially crafted files could crash the bzip2-decoder (CVE-2008-1372). | last seen | 2018-09-01 | modified | 2014-06-13 | plugin id | 32211 | published | 2008-05-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=32211 | title | openSUSE 10 Security Update : bzip2 (bzip2-5112) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_BZIP2-5295.NASL | description | Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372) | last seen | 2018-09-01 | modified | 2012-05-17 | plugin id | 41482 | published | 2009-09-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=41482 | title | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5295) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2008-0893.NASL | description | Updated bzip2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Bzip2 is a freely available, high-quality data compressor. It provides
both stand-alone compression and decompression utilities, as well as a
shared library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression
routine. This issue could cause an application linked against the
libbz2 library to crash when decompressing malformed archives.
(CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain
a backported patch to resolve this issue. | last seen | 2019-01-16 | modified | 2018-11-27 | plugin id | 34229 | published | 2008-09-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=34229 | title | RHEL 2.1 / 3 / 4 / 5 : bzip2 (RHSA-2008:0893) |
|
oval
via4
|
accepted | 2013-04-29T04:01:09.336-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | family | unix | id | oval:org.mitre.oval:def:10067 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | version | 24 |
accepted | 2010-05-17T04:00:17.984-04:00 | class | vulnerability | contributors | name | Michael Wood | organization | Hewlett-Packard |
name | Michael Wood | organization | Hewlett-Packard |
name | J. Daniel Brown | organization | DTCC |
| definition_extensions | comment | VMWare ESX Server 3.0.3 is installed | oval | oval:org.mitre.oval:def:6026 |
comment | VMWare ESX Server 3.0.2 is installed | oval | oval:org.mitre.oval:def:5613 |
comment | VMware ESX Server 3.5.0 is installed | oval | oval:org.mitre.oval:def:5887 |
| description | bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | family | unix | id | oval:org.mitre.oval:def:6467 | status | accepted | submitted | 2009-09-23T15:39:02.000-04:00 | title | Bzip2 Bug Lets Remote Users Deny Service | version | 6 |
|
redhat
via4
|
advisories | bugzilla | id | 438118 | title | CVE-2008-1372 bzip2: crash on malformed archive file |
| oval | OR | AND | comment | Red Hat Enterprise Linux 3 is installed | oval | oval:com.redhat.rhsa:tst:20060015001 |
OR | AND | comment | bzip2 is earlier than 0:1.0.2-12.EL3 | oval | oval:com.redhat.rhsa:tst:20080893002 |
comment | bzip2 is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080893003 |
|
AND | comment | bzip2-devel is earlier than 0:1.0.2-12.EL3 | oval | oval:com.redhat.rhsa:tst:20080893006 |
comment | bzip2-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080893007 |
|
AND | comment | bzip2-libs is earlier than 0:1.0.2-12.EL3 | oval | oval:com.redhat.rhsa:tst:20080893004 |
comment | bzip2-libs is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080893005 |
|
|
|
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhsa:tst:20060016001 |
OR | AND | comment | bzip2 is earlier than 0:1.0.2-14.el4_7 | oval | oval:com.redhat.rhsa:tst:20080893009 |
comment | bzip2 is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080893003 |
|
AND | comment | bzip2-devel is earlier than 0:1.0.2-14.el4_7 | oval | oval:com.redhat.rhsa:tst:20080893011 |
comment | bzip2-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080893007 |
|
AND | comment | bzip2-libs is earlier than 0:1.0.2-14.el4_7 | oval | oval:com.redhat.rhsa:tst:20080893010 |
comment | bzip2-libs is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080893005 |
|
|
|
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhsa:tst:20070055001 |
OR | AND | comment | bzip2 is earlier than 0:1.0.3-4.el5_2 | oval | oval:com.redhat.rhsa:tst:20080893013 |
comment | bzip2 is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20080893014 |
|
AND | comment | bzip2-devel is earlier than 0:1.0.3-4.el5_2 | oval | oval:com.redhat.rhsa:tst:20080893015 |
comment | bzip2-devel is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20080893016 |
|
AND | comment | bzip2-libs is earlier than 0:1.0.3-4.el5_2 | oval | oval:com.redhat.rhsa:tst:20080893017 |
comment | bzip2-libs is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20080893018 |
|
|
|
|
| rhsa | id | RHSA-2008:0893 | released | 2008-09-16 | severity | Moderate | title | RHSA-2008:0893: bzip2 security update (Moderate) |
|
| rpms | - bzip2-0:1.0.2-12.EL3
- bzip2-devel-0:1.0.2-12.EL3
- bzip2-libs-0:1.0.2-12.EL3
- bzip2-0:1.0.2-14.el4_7
- bzip2-devel-0:1.0.2-14.el4_7
- bzip2-libs-0:1.0.2-14.el4_7
- bzip2-0:1.0.3-4.el5_2
- bzip2-devel-0:1.0.3-4.el5_2
- bzip2-libs-0:1.0.3-4.el5_2
|
|
refmap
via4
|
apple | APPLE-SA-2009-08-05-1 | bid | 28286 | bugtraq | - 20080321 rPSA-2008-0118-1 bzip2
- 20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
| cert | TA09-218A | cert-vn | VU#813451 | confirm | | fedora | - FEDORA-2008-2970
- FEDORA-2008-3037
| gentoo | - GLSA-200804-02
- GLSA-200903-40
| mandriva | MDVSA-2008:075 | misc | | netbsd | NetBSD-SA2008-004 | sectrack | 1020867 | secunia | - 29410
- 29475
- 29497
- 29506
- 29656
- 29677
- 29698
- 29940
- 31204
- 31869
- 31878
- 36096
| slackware | SSA:2008-098-02 | sunalert | 241786 | suse | SUSE-SR:2008:011 | ubuntu | USN-590-1 | vupen | - ADV-2008-0915
- ADV-2008-2557
- ADV-2009-2172
| xf | bzip2-archives-code-execution(41249) |
|
statements
via4
|
contributor | Joshua Bressers | lastmodified | 2008-10-17 | organization | Red Hat | statement | Red Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior:
http://rhn.redhat.com/errata/RHSA-2008-0893.html |
|
Last major update | 07-03-2011 - 22:06 |
Published | 18-03-2008 - 17:44 |
Last modified | 11-10-2018 - 16:32 |