ID CVE-2008-1372
Summary bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
Vulnerable Configurations
  • cpe:2.3:a:bzip:bzip2:0.9
  • cpe:2.3:a:bzip:bzip2:0.9.5a
  • cpe:2.3:a:bzip:bzip2:0.9.5b
  • cpe:2.3:a:bzip:bzip2:0.9.5c
  • cpe:2.3:a:bzip:bzip2:0.9.5d
  • cpe:2.3:a:bzip:bzip2:0.9_a
  • cpe:2.3:a:bzip:bzip2:0.9_b
  • cpe:2.3:a:bzip:bzip2:0.9_c
  • cpe:2.3:a:bzip:bzip2:1.0
  • cpe:2.3:a:bzip:bzip2:1.0.1
  • cpe:2.3:a:bzip:bzip2:1.0.2
  • cpe:2.3:a:bzip:bzip2:1.0.3
CVSS
Base: 4.3 (as of 19-03-2008 - 10:17)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-590-1.NASL
    description It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 31677
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31677
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : bzip2 vulnerability (USN-590-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080916_BZIP2_ON_SL3_X.NASL
    description A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372)
    last seen 2019-01-16
    modified 2019-01-07
    plugin id 60474
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60474
    title Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_063399FCF6D611DCBCEE001C2514716C.NASL
    description SecurityFocus reports : The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files. Exploit attempts likely result in application crashes.
    last seen 2019-01-16
    modified 2018-12-19
    plugin id 31633
    published 2008-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31633
    title FreeBSD : bzip2 -- crash with certain malformed archive files (063399fc-f6d6-11dc-bcee-001c2514716c)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0893.NASL
    description From Red Hat Security Advisory 2008:0893 : Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-01-16
    modified 2018-08-13
    plugin id 67750
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67750
    title Oracle Linux 3 / 4 / 5 : bzip2 (ELSA-2008-0893)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12119.NASL
    description Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)
    last seen 2018-09-01
    modified 2012-04-23
    plugin id 41204
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41204
    title SuSE9 Security Update : bzip2 (YOU Patch Number 12119)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-098-02.NASL
    description New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue.
    last seen 2019-01-16
    modified 2018-06-27
    plugin id 31803
    published 2008-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31803
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : bzip2 (SSA:2008-098-02)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200903-40.NASL
    description The remote host is affected by the vulnerability described in GLSA-200903-40 (Analog: Denial of Service) Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). Impact : A local attacker could place specially crafted log files into a log directory being analyzed by analog, e.g. /var/log/apache, resulting in a crash when being processed by the application. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-11-14
    plugin id 36048
    published 2009-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36048
    title GLSA-200903-40 : Analog: Denial of Service
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3037.NASL
    description This update fixes bzip2 denial of service (crash) on malformed archives - CVE-2008-1372, #438118. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-10-21
    plugin id 31828
    published 2008-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31828
    title Fedora 7 : bzip2-1.0.4-11.fc7 (2008-3037)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BZIP2-5114.NASL
    description Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)
    last seen 2018-09-02
    modified 2012-05-17
    plugin id 32212
    published 2008-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32212
    title SuSE 10 Security Update : bzip2 (ZYPP Patch Number 5114)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-2970.NASL
    description This update fixes bzip2 denial of service (crash) on malformed archives - CVE-2008-1372, #438118. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-10-21
    plugin id 31820
    published 2008-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31820
    title Fedora 8 : bzip2-1.0.4-13.fc8 (2008-2970)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0019.NASL
    description a. Critical Memory corruption vulnerability A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue. b. Updated Service Console package bzip2 bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 40386
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40386
    title VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL9592.NASL
    description The remote BIG-IP device is missing a patch required by a security advisory.
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 78227
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78227
    title F5 Networks BIG-IP : bzip2 vulnerability (SOL9592)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_8.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8. Mac OS X 10.5.8 contains security fixes for the following products : - bzip2 - CFNetwork - ColorSync - CoreTypes - Dock - Image RAW - ImageIO - Kernel - launchd - Login Window - MobileMe - Networking - XQuery
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 40502
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40502
    title Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-003.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-003 applied. This security update contains fixes for the following products : - bzip2 - ColorSync - ImageIO - Login Window
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 40501
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40501
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-003)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-075.NASL
    description Bzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data. The updated packages have been patched to prevent the issue.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 37613
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37613
    title Mandriva Linux Security Advisory : bzip2 (MDVSA-2008:075)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0893.NASL
    description Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 34222
    published 2008-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34222
    title CentOS 3 / 4 / 5 : bzip2 (CESA-2008:0893)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200804-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200804-02 (bzip2: Denial of Service) The Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread. Impact : Remote attackers can entice a user or automated system to open a specially crafted file that triggers a buffer overread, causing a Denial of Service. libbz2 and programs linking against it are also affected. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 31753
    published 2008-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31753
    title GLSA-200804-02 : bzip2: Denial of Service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BZIP2-5112.NASL
    description Specially crafted files could crash the bzip2-decoder (CVE-2008-1372).
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 32211
    published 2008-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32211
    title openSUSE 10 Security Update : bzip2 (bzip2-5112)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BZIP2-5295.NASL
    description Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 41482
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41482
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5295)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0893.NASL
    description Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 34229
    published 2008-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34229
    title RHEL 2.1 / 3 / 4 / 5 : bzip2 (RHSA-2008:0893)
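The GLSA-200903-40 entry in the list above is the caveat a practitioner should take from this record: Analog was built with its own copy of bzip2, so patching the system libbz2 (GLSA-200804-02, RHSA-2008:0893 and the other advisories listed) did not cover it. A package-manager check only sees what the package manager owns. The following is an added example, not code from this page or from any of the vendors quoted on it, that scans binaries for the version string libbz2 compiles in and flags copies older than 1.0.5. The string format ("<major>.<minor>.<patch>, <day>-<Mon>-<year>", returned by BZ2_bzlibVersion() and also embedded in the bzip2 command's banner) is assumed from the bzip2 sources; the sample blobs are constructed, not real files from any distribution.

```python
import os
import re

# BZ2_bzlibVersion() returns the BZ_VERSION string compiled into libbz2, and the bzip2
# binary embeds the same string in its banner. Assumed format, from the bzip2 sources:
# "<major>.<minor>.<patch>, <day>-<Mon>-<year>", e.g. "1.0.4, 20-Dec-2006".
BZLIB_VERSION_RE = re.compile(rb"(\d+)\.(\d+)\.(\d+), \d{1,2}-[A-Za-z]{3,4}-\d{4}")
FIXED_IN = (1, 0, 5)   # CVE-2008-1372 is fixed in bzip2 1.0.5


def embedded_bzlib_versions(blob: bytes):
    """Distinct (major, minor, patch) tuples of bzlib version strings found in a blob."""
    return sorted({tuple(int(g) for g in m.groups()) for m in BZLIB_VERSION_RE.finditer(blob)})


def classify(blob: bytes) -> str:
    """'vulnerable' if any embedded copy is older than 1.0.5, 'fixed' if every copy is
    1.0.5 or later, 'none' if no bzlib version string is present at all (the binary may
    still link the shared libbz2 dynamically; cover that case with the package manager)."""
    versions = embedded_bzlib_versions(blob)
    if not versions:
        return "none"
    return "vulnerable" if any(v < FIXED_IN for v in versions) else "fixed"


def scan_tree(root: str, max_size: int = 64 << 20):
    """Walk a directory of executables and report every file embedding a bzlib version string."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not os.path.isfile(path) or os.path.getsize(path) > max_size:
                    continue
                with open(path, "rb") as fh:
                    verdict = classify(fh.read())
            except OSError:
                continue
            if verdict != "none":
                findings[path] = verdict
    return findings


# Constructed sample blobs standing in for binaries (not real files from any distribution).
SAMPLES = {
    "analog-with-bundled-bzip2": b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 16
                                 + b"1.0.4, 20-Dec-2006\x00" + b"bzip2 decompress\x00",
    "libbz2.so.1.0.5": b"\x7fELF" + b"\x00" * 8 + b"1.0.5, 10-Dec-2007\x00",
    "mixed-static-link": b"1.0.5, 10-Dec-2007\x00" + b"\x00" * 4 + b"1.0.3, 15-Feb-2005\x00",
    "no-bzip2": b"\x7fELF" + b"zlib 1.2.3\x00" + b"1.2.3, not a date\x00",
}


if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:28s} {classify(blob):10s} {embedded_bzlib_versions(blob)}")
```

Run scan_tree() over /usr/bin, /usr/lib and any vendor application directories; a hit older than 1.0.5 in a file the package manager does not own is exactly the Analog situation. A binary that dynamically links libbz2 carries no version string of its own and shows up as "none", which is why this scan complements, rather than replaces, the package-version check.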
oval via4
  • accepted 2013-04-29T04:01:09.336-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    family unix
    id oval:org.mitre.oval:def:10067
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    version 24
  • accepted 2010-05-17T04:00:17.984-04:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    • name Michael Wood
      organization Hewlett-Packard
    • name J. Daniel Brown
      organization DTCC
    definition_extensions
    • comment VMWare ESX Server 3.0.3 is installed
      oval oval:org.mitre.oval:def:6026
    • comment VMWare ESX Server 3.0.2 is installed
      oval oval:org.mitre.oval:def:5613
    • comment VMware ESX Server 3.5.0 is installed
      oval oval:org.mitre.oval:def:5887
    description bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    family unix
    id oval:org.mitre.oval:def:6467
    status accepted
    submitted 2009-09-23T15:39:02.000-04:00
    title Bzip2 Bug Lets Remote Users Deny Service
    version 6
redhat via4
advisories
bugzilla
id 438118
title CVE-2008-1372 bzip2: crash on malformed archive file
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment bzip2 is earlier than 0:1.0.2-12.EL3
          oval oval:com.redhat.rhsa:tst:20080893002
        • comment bzip2 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080893003
      • AND
        • comment bzip2-devel is earlier than 0:1.0.2-12.EL3
          oval oval:com.redhat.rhsa:tst:20080893006
        • comment bzip2-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080893007
      • AND
        • comment bzip2-libs is earlier than 0:1.0.2-12.EL3
          oval oval:com.redhat.rhsa:tst:20080893004
        • comment bzip2-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080893005
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment bzip2 is earlier than 0:1.0.2-14.el4_7
          oval oval:com.redhat.rhsa:tst:20080893009
        • comment bzip2 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080893003
      • AND
        • comment bzip2-devel is earlier than 0:1.0.2-14.el4_7
          oval oval:com.redhat.rhsa:tst:20080893011
        • comment bzip2-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080893007
      • AND
        • comment bzip2-libs is earlier than 0:1.0.2-14.el4_7
          oval oval:com.redhat.rhsa:tst:20080893010
        • comment bzip2-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080893005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment bzip2 is earlier than 0:1.0.3-4.el5_2
          oval oval:com.redhat.rhsa:tst:20080893013
        • comment bzip2 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080893014
      • AND
        • comment bzip2-devel is earlier than 0:1.0.3-4.el5_2
          oval oval:com.redhat.rhsa:tst:20080893015
        • comment bzip2-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080893016
      • AND
        • comment bzip2-libs is earlier than 0:1.0.3-4.el5_2
          oval oval:com.redhat.rhsa:tst:20080893017
        • comment bzip2-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080893018
rhsa
id RHSA-2008:0893
released 2008-09-16
severity Moderate
title RHSA-2008:0893: bzip2 security update (Moderate)
rpms
  • bzip2-0:1.0.2-12.EL3
  • bzip2-devel-0:1.0.2-12.EL3
  • bzip2-libs-0:1.0.2-12.EL3
  • bzip2-0:1.0.2-14.el4_7
  • bzip2-devel-0:1.0.2-14.el4_7
  • bzip2-libs-0:1.0.2-14.el4_7
  • bzip2-0:1.0.3-4.el5_2
  • bzip2-devel-0:1.0.3-4.el5_2
  • bzip2-libs-0:1.0.3-4.el5_2
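The OVAL tree and rpm list above encode the actual check: on each RHEL major, bzip2, bzip2-devel or bzip2-libs earlier than the listed build is affected. The following is an added example, not part of this page and not Red Hat's OVAL content, that reimplements that comparison in Python: rpm's version ordering (the rpmvercmp algorithm) plus epoch:version-release comparison against the fixed builds listed above. It assumes the RHEL major can be read from the dist tag in the release (EL3, el4, el5); the real definition tests the installed OS and the package signature, neither of which is modelled. Two caveats for anyone using it: the CPE list on this page stops at 1.0.3, but the summary ("before 1.0.5") and the Fedora updates to 1.0.4-11/1.0.4-13 show 1.0.4 is affected as well; and for packages this advisory does not cover (other distributions, other package names) the function returns None rather than a verdict.

```python
import re

# Fixed builds listed under RHSA-2008:0893 on this page, as name-epoch:version-release.
RHSA_2008_0893_FIXED = [
    "bzip2-0:1.0.2-12.EL3", "bzip2-devel-0:1.0.2-12.EL3", "bzip2-libs-0:1.0.2-12.EL3",
    "bzip2-0:1.0.2-14.el4_7", "bzip2-devel-0:1.0.2-14.el4_7", "bzip2-libs-0:1.0.2-14.el4_7",
    "bzip2-0:1.0.3-4.el5_2", "bzip2-devel-0:1.0.3-4.el5_2", "bzip2-libs-0:1.0.3-4.el5_2",
]


def rpmvercmp(a: str, b: str) -> int:
    """Order two rpm version or release strings the way rpm does: split into alternating
    numeric and alphabetic segments, compare numerics by value and alphas lexically, treat
    a numeric segment as newer than an alphabetic one, and let leftover characters win.
    '~' sorts before anything (pre-releases); '^' sorts after the bare string."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        ca, cb = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if ca or cb:
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not ca:
                return 1
            if not cb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        kind = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while i < len(a) and kind(a[i]):
            i += 1
        while j < len(b) and kind(b[j]):
            j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:                      # segments of different kinds: numeric is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_nevr(nevr: str):
    """'bzip2-libs-0:1.0.2-12.EL3' -> ('bzip2-libs', 0, '1.0.2', '12.EL3'); a missing epoch is 0."""
    name, ev, release = nevr.rsplit("-", 2)
    epoch, _, version = ev.rpartition(":")
    return name, int(epoch or 0), version, release


def evr_cmp(x, y) -> int:
    """Order (epoch, version, release) triples: epoch numerically, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def rhel_major(release: str):
    # Assumption: the RHEL major is recoverable from the dist tag in the release
    # ('12.EL3', '14.el4_7', '4.el5_2'); the real OVAL definition tests the installed OS.
    m = re.search(r"\.el(\d+)", release, re.IGNORECASE)
    return int(m.group(1)) if m else None


FIXED = {}
for _nevr in RHSA_2008_0893_FIXED:
    _n, _e, _v, _r = split_nevr(_nevr)
    FIXED[(_n, rhel_major(_r))] = (_e, _v, _r)


def is_vulnerable(installed_nevr: str):
    """True if the installed build is earlier than the fixed build for the same package and
    RHEL major, False if it is at or past the fix, None if this advisory does not cover it."""
    n, e, v, r = split_nevr(installed_nevr)
    fixed = FIXED.get((n, rhel_major(r)))
    if fixed is None:
        return None
    return evr_cmp((e, v, r), fixed) < 0


if __name__ == "__main__":
    for p in ("bzip2-libs-1.0.2-11.EL3", "bzip2-libs-0:1.0.2-12.EL3",
              "bzip2-1.0.3-3.el5", "bzip2-1:1.0.2-11.EL3", "bzip2-1.0.4-13.fc8"):
        print(f"{p:32s} vulnerable={is_vulnerable(p)}")
```

Feed it the installed builds from rpm -q --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' bzip2 bzip2-libs bzip2-devel. Note that an epoch bump (the "bzip2-1:1.0.2-11.EL3" case) outranks any version or release, which is why the comparison must start at the epoch rather than at the version string.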
refmap via4
apple APPLE-SA-2009-08-05-1
bid 28286
bugtraq
  • 20080321 rPSA-2008-0118-1 bzip2
  • 20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
cert TA09-218A
cert-vn VU#813451
confirm
fedora
  • FEDORA-2008-2970
  • FEDORA-2008-3037
gentoo
  • GLSA-200804-02
  • GLSA-200903-40
mandriva MDVSA-2008:075
misc
netbsd NetBSD-SA2008-004
sectrack 1020867
secunia
  • 29410
  • 29475
  • 29497
  • 29506
  • 29656
  • 29677
  • 29698
  • 29940
  • 31204
  • 31869
  • 31878
  • 36096
slackware SSA:2008-098-02
sunalert 241786
suse SUSE-SR:2008:011
ubuntu USN-590-1
vupen
  • ADV-2008-0915
  • ADV-2008-2557
  • ADV-2009-2172
xf bzip2-archives-code-execution(41249)
statements via4
contributor Joshua Bressers
lastmodified 2008-10-17
organization Red Hat
statement Red Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior: http://rhn.redhat.com/errata/RHSA-2008-0893.html
Last major update 07-03-2011 - 22:06
Published 18-03-2008 - 17:44
Last modified 11-10-2018 - 16:32