CentOS Errata and Security Advisory CESA-2008:0893
Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-September/077412.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077413.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077414.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077415.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077419.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077420.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077421.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077422.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077423.html
https://lists.centos.org/pipermail/centos-announce/2008-September/077424.html
Affected packages:
bzip2
bzip2-devel
bzip2-libs
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0893
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | bzip2 | < 1.0.2-12.EL3 | bzip2-1.0.2-12.EL3.i386.rpm |
CentOS | 3 | i386 | bzip2-devel | < 1.0.2-12.EL3 | bzip2-devel-1.0.2-12.EL3.i386.rpm |
CentOS | 3 | i386 | bzip2-libs | < 1.0.2-12.EL3 | bzip2-libs-1.0.2-12.EL3.i386.rpm |
CentOS | 3 | x86_64 | bzip2 | < 1.0.2-12.EL3 | bzip2-1.0.2-12.EL3.x86_64.rpm |
CentOS | 3 | x86_64 | bzip2-devel | < 1.0.2-12.EL3 | bzip2-devel-1.0.2-12.EL3.x86_64.rpm |
CentOS | 3 | i386 | bzip2-libs | < 1.0.2-12.EL3 | bzip2-libs-1.0.2-12.EL3.i386.rpm |
CentOS | 3 | x86_64 | bzip2-libs | < 1.0.2-12.EL3 | bzip2-libs-1.0.2-12.EL3.x86_64.rpm |
CentOS | 5 | i386 | bzip2 | < 1.0.3-4.el5_2 | bzip2-1.0.3-4.el5_2.i386.rpm |
CentOS | 5 | i386 | bzip2-devel | < 1.0.3-4.el5_2 | bzip2-devel-1.0.3-4.el5_2.i386.rpm |
CentOS | 5 | i386 | bzip2-libs | < 1.0.3-4.el5_2 | bzip2-libs-1.0.3-4.el5_2.i386.rpm |