Lucene search
Gentoo FoundationGLSA-201708-08HistoryAug 21, 2017 - 12:00 a.m.
bzip2: Denial of service
2017-08-2100:00:00
Gentoo Foundation
security.gentoo.org
103
0.036 Low
EPSS
Percentile
91.6%
Background
bzip2 is a high-quality data compressor used extensively by Gentoo Linux.
Description
A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. Please review the CVE identifier referenced below for details.
Impact
A remote attacker could entice a user to process a specially crafted bzip2 archive using bzip2recover, possibly resulting in a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All bzip2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/bzip2-1.0.6-r8"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-arch/bzip2 | < 1.0.6-r8 | UNKNOWN |
Related
nessus
nessus
openSUSE Security Update : bzip2 (openSUSE-2019-1398)
2019-05-16 00:00:00
GLSA-201708-08 : bzip2: Denial of Service
2017-08-21 00:00:00
EulerOS 2.0 SP5 : bzip2 (EulerOS-SA-2019-1020)
2019-02-14 00:00:00
suse
suse
Security update for bzip2 (low)
2019-05-23 00:00:00
Security update for bzip2 (low)
2019-05-15 00:00:00
alpinelinux
alpinelinux
CVE-2016-3189
2016-06-30 17:59:00
debiancve
debiancve
CVE-2016-3189
2016-06-30 17:59:00
redhatcve
redhatcve
CVE-2016-3189
2016-06-20 11:18:46
cvelist
cvelist
CVE-2016-3189
2016-06-30 17:00:00
archlinux
archlinux
[ASA-201702-19] bzip2: denial of service
2017-02-22 00:00:00
openvas
openvas
Fedora Update for bzip2 FEDORA-2016-e7b46c92ae
2017-01-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1206-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for bzip2 (EulerOS-SA-2019-1020)
2020-01-23 00:00:00
f5
f5
K45816067 : bzip2 vulnerability CVE-2016-3189
2016-07-28 00:00:00
SOL45816067 - bzip2 vulnerability CVE-2016-3189
2016-07-28 00:00:00
SOL41233508 - bzip2 vulnerability CVE-2016-3189
2016-08-08 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: bzip2-1.0.6-21.fc24
2017-01-04 21:22:39
[SECURITY] Fedora 25 Update: bzip2-1.0.6-21.fc25
2017-01-02 19:53:02
cve
cve
CVE-2016-3189
2016-06-30 17:59:00
veracode
veracode
Use-after-free
2019-06-25 03:07:05
mageia
mageia
Updated bzip2 packages fix security vulnerability
2016-11-26 13:41:56
ubuntucve
ubuntucve
CVE-2016-3189
2016-06-30 00:00:00
prion
prion
Design/Logic Flaw
2016-06-30 17:59:00
cbl_mariner
cbl_mariner
CVE-2016-3189 affecting package bzip2 1.0.6-15
2020-09-09 06:09:14
slackware
slackware
[slackware-security] bzip2
2019-07-15 00:49:37
osv
osv
Windows: vulnerable bzip2 1.0.6
2019-06-19 22:07:57
bzip2 - security update
2019-06-24 00:00:00
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities in bzip2
2019-08-06 00:00:00
bzip2 -- multiple issues
2019-06-23 00:00:00
cloudfoundry
cloudfoundry
USN-4038-1: bzip2 vulnerabilities | Cloud Foundry
2019-11-14 00:00:00
USN-4038-4: bzip2 regression | Cloud Foundry
2019-08-29 00:00:00
USN-4038-3: bzip2 regression | Cloud Foundry
2019-08-29 00:00:00
debian
debian
[SECURITY] [DLA 1833-1] bzip2 security update
2019-06-24 20:25:30
freebsd_advisory
freebsd_advisory
FreeBSD-SA-19:18.bzip2
2019-08-06 00:00:00
ibm
ibm
ubuntu
ubuntu
bzip2 vulnerabilities
2019-06-26 00:00:00
bzip2 vulnerabilities
2019-06-26 00:00:00
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00