Information about this advisory is available at the following location:
Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
F5 Product DevelopmentÂ tracked this issue as CR114442 and CR107644Â forÂ BIG-IP LTM, GTM, ASM, Link Controller, WebAccelerator, PSM, FirePass, and Enterprise Manager, and it was fixed in BIG-IP 9.4.7 and 10.0.0, and in Enterprise Manager 1.7. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, Link Controller, PSM, WebAccelerator, or Enterprise Manager release notes.
The affected versions of BIG-IP LTM, GTM, ASM, Link Controller, WebAccelerator, PSM, and Enterprise Manager have the bzip2 package installed. However, the package is not used and can be safely removed by typing the following command:
rpm -e bzip2
Note: The bzip2 package cannot be safely removed from the affected versions of FirePass and WANJet products.
The FirePass controller is a closed system with no administrative access to the underlying operating system. Bzip2 is used exclusively for compressing logs, and it poses a low risk of being compromised by this vulnerability.