CentOS Errata and Security Advisory CESA-2008:0893-01

Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.

A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-September/077416.html

Affected packages:
bzip2
bzip2-devel
bzip2-libs

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | bzip2 | < 1.0.1-5.EL2.1 | bzip2-1.0.1-5.EL2.1.i386.rpm |
CentOS | 2 | i386 | bzip2-devel | < 1.0.1-5.EL2.1 | bzip2-devel-1.0.1-5.EL2.1.i386.rpm |
CentOS | 2 | i386 | bzip2-libs | < 1.0.1-5.EL2.1 | bzip2-libs-1.0.1-5.EL2.1.i386.rpm |
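
The following check is an added example, not part of the CentOS advisory: it compares installed bzip2 package versions against the fixed version-release from the table above using RPM-style segment comparison, because a plain string comparison would misorder releases such as 10 and 5. The sample rpm query output is constructed, epochs are assumed absent, and the tilde and caret ordering rules of newer RPM versions are not handled.

```python
import re

# Fixed version-release for CentOS 2 i386, taken from the advisory table.
FIXED_VR = "1.0.1-5.EL2.1"
AFFECTED = ("bzip2", "bzip2-devel", "bzip2-libs")

def rpmvercmp(a, b):
    """Compare two version or release strings in the classic rpmvercmp style:
    split into digit runs and letter runs, then compare the runs pairwise."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric run beats a letter run
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 5, unlike string ordering
        if x != y:
            return 1 if x > y else -1
    # All shared runs are equal: the string with runs left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare VERSION-RELEASE strings. Assumes no epoch is set (assumption)."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)

# Expected input: one "NAME VERSION-RELEASE" line per package, for instance
# from: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' bzip2 bzip2-devel bzip2-libs
def audit(rpm_output):
    """Return (name, version-release) for affected packages older than the fix."""
    findings = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in AFFECTED and vr_cmp(parts[1], FIXED_VR) < 0:
            findings.append((parts[0], parts[1]))
    return findings

# Constructed sample output (not taken from a real host).
SAMPLE = """\
bzip2 1.0.1-4.EL2.1
bzip2-libs 1.0.1-10.EL2.1
package bzip2-devel is not installed
"""

if __name__ == "__main__":
    for name, vr in audit(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}: update required (CVE-2008-1372)")
```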