Lucene search

K
centosCentOS ProjectCESA-2008:0893
HistorySep 16, 2008 - 3:23 p.m.

bzip2 security update

2008-09-1615:23:39
CentOS Project
lists.centos.org
49

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.097

Percentile

94.8%

CentOS Errata and Security Advisory CESA-2008:0893

Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.

A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-September/077412.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077413.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077414.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077415.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077419.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077420.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077421.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077422.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077423.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077424.html

Affected packages:
bzip2
bzip2-devel
bzip2-libs

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0893

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.097

Percentile

94.8%