{"result": {"cve": [{"id": "CVE-2008-1372", "type": "cve", "title": "CVE-2008-1372", "description": "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.", "published": "2008-03-18T17:44:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1372", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-09-29T14:25:48"}], "f5": [{"id": "F5:K9592", "type": "f5", "title": "bzip2 vulnerability CVE-2008-1372", "description": "", "published": "2009-01-21T03:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K9592", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-06-08T00:16:36"}, {"id": "SOL9592", "type": "f5", "title": "SOL9592 - bzip2 vulnerability CVE-2008-1372", "description": "Information about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372>\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development tracked this issue as CR114442 and CR107644 for BIG-IP LTM, GTM, ASM, Link Controller, WebAccelerator, PSM, FirePass, and Enterprise Manager, and it was fixed in BIG-IP 9.4.7 and 10.0.0, and in Enterprise Manager 1.7. 
For information about upgrading, refer to the BIG-IP [LTM](<https://support.f5.com/kb/en-us/products/big-ip_ltm.html>), [ASM](<https://support.f5.com/kb/en-us/products/big-ip_asm.html>), [GTM](<https://support.f5.com/kb/en-us/products/big-ip_gtm.html>), [Link Controller](<https://support.f5.com/kb/en-us/products/lc_9_x.html>), [PSM](<https://support.f5.com/kb/en-us/products/big-ip_psm.html>), [WebAccelerator](<https://support.f5.com/kb/en-us/products/wa.html>), or [Enterprise Manager](<https://support.f5.com/content/kb/en-us/products/em.html>) release notes.\n\nWorkaround\n\nThe affected versions of BIG-IP LTM, GTM, ASM, Link Controller, WebAccelerator, PSM, and Enterprise Manager have the **bzip2** package installed. However, the package is not used and can be safely removed by typing the following command:\n\nrpm -e bzip2\n\n**Note**: The **bzip2** package cannot be safely removed from the affected versions of FirePass and WANJet products.\n\nThe FirePass controller is a closed system with no administrative access to the underlying operating system. Bzip2 is used exclusively for compressing logs, and it poses a low risk of being compromised by this vulnerability.\n", "published": "2009-01-20T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/9000/500/sol9592.html", "cvelist": ["CVE-2008-1372"], "lastseen": "2016-12-03T05:27:44"}], "gentoo": [{"id": "GLSA-200804-02", "type": "gentoo", "title": "bzip2: Denial of Service", "description": "### Background\n\nbzip2 is a free and open source lossless data compression program. \n\n### Description\n\nThe Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread. \n\n### Impact\n\nRemote attackers can entice a user or automated system to open a specially crafted file that triggers a buffer overread, causing a Denial of Service. 
libbz2 and programs linking against it are also affected. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll bzip2 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/bzip2-1.0.5\"", "published": "2008-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200804-02", "cvelist": ["CVE-2008-1372"], "lastseen": "2016-09-06T19:46:05"}, {"id": "GLSA-200903-40", "type": "gentoo", "title": "Analog: Denial of Service", "description": "### Background\n\nAnalog is a webserver log analyzer. \n\n### Description\n\nDiego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). \n\n### Impact\n\nA local attacker could place specially crafted log files into a log directory being analyzed by analog, e.g. /var/log/apache, resulting in a crash when being processed by the application. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Analog users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/analog-6.0-r2\"\n\nNOTE: Analog is now linked against the system bzip2 library.", "published": "2009-03-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200903-40", "cvelist": ["CVE-2008-1372"], "lastseen": "2016-09-06T19:46:12"}], "openvas": [{"id": "OPENVAS:60666", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200804-02 (bzip2)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-02.", "published": "2008-09-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60666", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-07-24T12:50:08"}, {"id": "OPENVAS:1361412562310122556", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0893", "description": "Oracle Linux Local Security Checks ELSA-2008-0893", "published": "2015-10-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122556", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-07-24T12:52:30"}, {"id": "OPENVAS:855575", "type": "openvas", "title": "Solaris Update for bzip 114587-03", "description": "Check for the Version of bzip", "published": "2009-06-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=855575", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-07-02T21:14:11"}, {"id": "OPENVAS:870094", "type": "openvas", "title": "RedHat Update for bzip2 RHSA-2008:0893-01", "description": "Check for the Version of bzip2", "published": "2009-03-06T00:00:00", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870094", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-07-27T10:56:39"}, {"id": "OPENVAS:855150", "type": "openvas", "title": "Solaris Update for bzip2 138442-01", "description": "Check for the Version of bzip2", "published": "2009-06-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=855150", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-07-02T21:14:02"}, {"id": "OPENVAS:855138", "type": "openvas", "title": "Solaris Update for bzip2 138441-01", "description": "Check for the Version of bzip2", "published": "2009-06-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=855138", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-07-02T21:13:54"}, {"id": "OPENVAS:880235", "type": "openvas", "title": "CentOS Update for bzip2 CESA-2008:0893-01 centos2 i386", "description": "Check for the Version of bzip2", "published": "2009-02-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880235", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-07-25T10:57:13"}, {"id": "OPENVAS:1361412562310855575", "type": "openvas", "title": "Solaris Update for bzip 114587-03", "description": "Check for the Version of bzip", "published": "2009-06-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855575", "cvelist": ["CVE-2008-1372"], "lastseen": "2018-04-09T11:40:59"}, {"id": "OPENVAS:1361412562310855745", "type": "openvas", "title": "Solaris Update for bzip 114586-04", "description": "Check for the Version of bzip", "published": "2009-10-13T00:00:00", "cvss": {"score": 4.3, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855745", "cvelist": ["CVE-2008-1372"], "lastseen": "2018-04-09T11:40:06"}, {"id": "OPENVAS:1361412562310855150", "type": "openvas", "title": "Solaris Update for bzip2 138442-01", "description": "Check for the Version of bzip2", "published": "2009-06-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855150", "cvelist": ["CVE-2008-1372"], "lastseen": "2018-04-09T11:40:02"}], "freebsd": [{"id": "063399FC-F6D6-11DC-BCEE-001C2514716C", "type": "freebsd", "title": "bzip2 -- crash with certain malformed archive files", "description": "\nSecurityFocus reports:\n\nThe 'bzip2' application is prone to a remote file-handling\n\t vulnerability because the application fails to properly\n\t handle malformed files.\nExploit attempts likely result in application crashes.\n\n", "published": "2008-03-18T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/063399fc-f6d6-11dc-bcee-001c2514716c.html", "cvelist": ["CVE-2008-1372"], "lastseen": "2016-09-26T17:24:58"}], "nessus": [{"id": "REDHAT-RHSA-2008-0893.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 / 5 : bzip2 (RHSA-2008:0893)", "description": "Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nBzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine. 
This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2008-09-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=34229", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:36:46"}, {"id": "SUSE_BZIP2-5295.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5295)", "description": "Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)", "published": "2009-09-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41482", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:37:55"}, {"id": "SL_20080916_BZIP2_ON_SL3_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64", "description": "A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)", "published": "2012-08-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60474", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:39:20"}, {"id": "UBUNTU_USN-590-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : bzip2 vulnerability (USN-590-1)", "description": "It was discovered that bzip2 did not correctly handle certain malformed archives. 
If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-03-26T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31677", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:37:42"}, {"id": "FREEBSD_PKG_063399FCF6D611DCBCEE001C2514716C.NASL", "type": "nessus", "title": "FreeBSD : bzip2 -- crash with certain malformed archive files (063399fc-f6d6-11dc-bcee-001c2514716c)", "description": "SecurityFocus reports :\n\nThe 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.\n\nExploit attempts likely result in application crashes.", "published": "2008-03-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31633", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:43:50"}, {"id": "ORACLELINUX_ELSA-2008-0893.NASL", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : bzip2 (ELSA-2008-0893)", "description": "From Red Hat Security Advisory 2008:0893 :\n\nUpdated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nBzip2 is a freely available, high-quality data compressor. 
It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2013-07-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67750", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:34:01"}, {"id": "SUSE9_12119.NASL", "type": "nessus", "title": "SuSE9 Security Update : bzip2 (YOU Patch Number 12119)", "description": "Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)", "published": "2009-09-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41204", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:35:38"}, {"id": "GENTOO_GLSA-200903-40.NASL", "type": "nessus", "title": "GLSA-200903-40 : Analog: Denial of Service", "description": "The remote host is affected by the vulnerability described in GLSA-200903-40 (Analog: Denial of Service)\n\n Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02).\n Impact :\n\n A local attacker could place specially crafted log files into a log directory being analyzed by analog, e.g. 
/var/log/apache, resulting in a crash when being processed by the application.\n Workaround :\n\n There is no known workaround at this time.", "published": "2009-03-30T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36048", "cvelist": ["CVE-2008-1372"], "lastseen": "2018-01-13T01:11:42"}, {"id": "FEDORA_2008-2970.NASL", "type": "nessus", "title": "Fedora 8 : bzip2-1.0.4-13.fc8 (2008-2970)", "description": "This update fixes bzip2 denial of service (crash) on malformed archives - CVE-2008-1372, #438118.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-04-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31820", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:39:17"}, {"id": "FEDORA_2008-3037.NASL", "type": "nessus", "title": "Fedora 7 : bzip2-1.0.4-11.fc7 (2008-3037)", "description": "This update fixes bzip2 denial of service (crash) on malformed archives - CVE-2008-1372, #438118.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-04-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31828", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-29T13:38:59"}], "oraclelinux": [{"id": "ELSA-2008-0893", "type": "oraclelinux", "title": "bzip2 security update", "description": "[1.0.3-4]\n- Resolves: #461587\n fix crash on malformed archive file - CVE-2008-1372\n (apply upstream patch)", "published": "2008-09-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0893.html", "cvelist": ["CVE-2008-1372"], "lastseen": "2016-09-04T11:15:55"}], "redhat": [{"id": "RHSA-2008:0893", "type": "redhat", "title": "(RHSA-2008:0893) Moderate: bzip2 security update", "description": "Bzip2 is a freely available, high-quality data compressor. It provides both\nstand-alone compression and decompression utilities, as well as a shared\nlibrary for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine.\nThis issue could cause an application linked against the libbz2 library to\ncrash when decompressing malformed archives. (CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue.", "published": "2008-09-16T04:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0893", "cvelist": ["CVE-2008-1372"], "lastseen": "2018-03-28T01:01:09"}], "ubuntu": [{"id": "USN-590-1", "type": "ubuntu", "title": "bzip2 vulnerability", "description": "It was discovered that bzip2 did not correctly handle certain malformed archives. 
If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service.", "published": "2008-03-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/590-1/", "cvelist": ["CVE-2008-1372"], "lastseen": "2018-03-29T18:20:45"}], "centos": [{"id": "CESA-2008:0893-01", "type": "centos", "title": "bzip2 security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0893-01\n\n\nBzip2 is a freely available, high-quality data compressor. It provides both\nstand-alone compression and decompression utilities, as well as a shared\nlibrary for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine.\nThis issue could cause an application linked against the libbz2 library to\ncrash when decompressing malformed archives. (CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015254.html\n\n**Affected packages:**\nbzip2\nbzip2-devel\nbzip2-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2008-09-17T00:31:08", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015254.html", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-12T14:46:15"}, {"id": "CESA-2008:0893", "type": "centos", "title": "bzip2 security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0893\n\n\nBzip2 is a freely available, high-quality data compressor. 
It provides both\nstand-alone compression and decompression utilities, as well as a shared\nlibrary for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine.\nThis issue could cause an application linked against the libbz2 library to\ncrash when decompressing malformed archives. (CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015250.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015251.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015252.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015253.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015257.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015258.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015259.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015260.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015261.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015262.html\n\n**Affected packages:**\nbzip2\nbzip2-devel\nbzip2-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0893.html", "published": "2008-09-16T15:23:39", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015250.html", "cvelist": ["CVE-2008-1372"], "lastseen": "2017-10-12T14:44:48"}], "slackware": [{"id": "SSA-2008-098-02", "type": "slackware", "title": "bzip2", "description": "New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue.\n\nMore details about this issue may be found in the 
Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372\n\n\nHere are the details from the Slackware 12.0 ChangeLog:\n\npatches/packages/bzip2-1.0.5-i486-1_slack12.0.tgz: Upgraded to bzip2-1.0.5.\n Previous versions of bzip2 contained a buffer overread error that could cause\n applications linked to libbz2 to crash, resulting in a denial of service.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bzip2-1.0.5-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bzip2-1.0.5-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bzip2-1.0.5-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bzip2-1.0.5-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bzip2-1.0.5-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bzip2-1.0.5-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 
11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bzip2-1.0.5-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bzip2-1.0.5-i486-1_slack12.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bzip2-1.0.5-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\ncddf69b03404779b6d23a7d7604198c5 bzip2-1.0.5-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n5e153b9606326c3c61ac0018c1e460b6 bzip2-1.0.5-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n066bb2e9c00387f3cbf134ba0e973766 bzip2-1.0.5-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n09dc74761b62f3ed1a12df70e1191dc3 bzip2-1.0.5-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\nab458a6b065dd2636623c01cdac41b21 bzip2-1.0.5-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n9e082446dc0672f2f26b9200c1290ee3 bzip2-1.0.5-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n730d057101b68e2f30f6f68b8eab25a8 bzip2-1.0.5-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nb8bcf145b4f28e5db65fc8f5e2cc4fe6 bzip2-1.0.5-i486-1_slack12.0.tgz\n\nSlackware -current package:\n3611aec2aab0ca7168865bcfd8187046 bzip2-1.0.5-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bzip2-1.0.5-i486-1_slack12.0.tgz", "published": "2008-04-07T11:50:30", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", "cvelist": ["CVE-2008-1372"], "lastseen": "2018-02-02T18:11:27"}], "vmware": [{"id": "VMSA-2008-0019", "type": "vmware", "title": "VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "description": "a. Critical Memory corruption vulnerability \n \nA memory corruption condition may occur in the virtual machine \nhardware. 
A malicious request sent from the guest operating \nsystem to the virtual hardware may cause the virtual hardware to \nwrite to uncontrolled physical memory. \nVMware would like to thank Andrew Honig of the Department of \nDefense for reporting this issue. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2008-4917 to this issue. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "published": "2008-12-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2008-0019.html", "cvelist": ["CVE-2008-1372", "CVE-2008-4917"], "lastseen": "2016-09-04T11:19:24"}], "seebug": [{"id": "SSV:11998", "type": "seebug", "title": "Apple Mac OS X 2009-003\u4fee\u8865\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "description": "Bugraq ID: 35954\r\nCVE ID\uff1aCVE-2009-1723\r\nCVE-2009-1726\r\nCVE-2009-1727\r\nCVE-2009-0151\r\nCVE-2009-1728\r\nCVE-2009-2188\r\nCVE-2009-2190\r\nCVE-2009-2191\r\nCVE-2009-2192\r\nCVE-2009-2193\r\nCVE-2009-2194\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n\r\nApple Mac OS X\u662f\u4e00\u6b3e\u57fa\u4e8eBSD\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nApple Mac OS X\u5b89\u5168\u5347\u7ea72009-003\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\nCVE-ID: CVE-2008-1372\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\n 
\r\nbzip2\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u53d1\u90a3\u4e2a\u543b\u95ee\u9898\uff0c\u6784\u5efa\u6076\u610f\u7684\u538b\u7f29\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1723\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\n \r\n\u5f53Safari\u8bbf\u95ee\u5230\u901a\u8fc7302\u91cd\u5b9a\u5411\u7684WEB\u7ad9\u70b9\u65f6\uff0c\u4f1a\u63d0\u793a\u8bc1\u4e66\u8b66\u544a\uff0c\u6b64\u8b66\u544a\u4f1a\u5305\u542b\u539f\u59cbWEB\u7ad9\u70b9URL\u6765\u4ee3\u66ff\u5f53\u524dWEB\u7ad9\u70b9URL\uff0c\u8fd9\u5141\u8bb8\u6076\u610f\u6784\u5efa\u7684WEB\u7ad9\u70b9\u53ef\u63a7\u5236\u663e\u793a\u5728\u8bc1\u4e66\u8b66\u544a\u4e2d\u7684WEB\u7ad9\u70b9URL\uff0c\u5bfc\u81f4\u7528\u6237\u76f2\u76ee\u4fe1\u4efb\u3002\r\nCVE-ID: CVE-2009-1726\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\n \r\n\u6253\u5f00\u4e00\u4e2a\u7279\u6b8a\u6784\u5efa\u7684\u4f7f\u7528\u5d4c\u5165\u5f0fColorSync\u914d\u7f6e\u6587\u4ef6\u7684\u56fe\u50cf\u65f6\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1727\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\n 
\r\nNo warning is shown to the user when opening certain unsafe content types, which can lead to execution of a malicious script payload.\r\nCVE-ID: CVE-2009-0151\r\nCNCVE ID: CNCVE-20090151\r\n \r\nThe screen saver does not correctly block four-finger Multi-Touch gestures, allowing a user with physical access to manage applications.\r\nCVE-ID: CVE-2009-1728\r\nCNCVE ID: CNCVE-20091728\r\n \r\nMultiple stack buffer overflows exist in the handling of Canon RAW images.\r\nCVE-ID: CVE-2009-1722\r\nCNCVE ID: CNCVE-20091722\r\n \r\nImageIO has a heap buffer overflow in the handling of OpenEXR images.\r\nCVE-ID: CVE-2009-1721\r\nCNCVE ID: CNCVE-20091721\r\n \r\nImageIO has an uninitialized memory access issue in the handling of OpenEXR images, which can lead to an application crash or arbitrary code execution.\r\nCVE-ID: CVE-2009-1720\r\nCNCVE ID: CNCVE-20091720\r\n \r\nImageIO has an integer overflow issue in the handling of OpenEXR images, which can lead to an application crash or arbitrary code execution.\r\nCVE-ID: CVE-2009-2188\r\nCNCVE ID: CNCVE-20092188\r\n \r\nImageIO has a buffer overflow issue in the handling of EXIF metadata, which can lead to an application crash or arbitrary code execution.\r\nCVE-ID: CVE-2009-0040\r\nCNCVE ID: CNCVE-20090040\r\n \r\nAn uninitialized pointer issue exists in the handling of PNG images; a specially crafted PNG that a user is enticed to process can lead to an application crash or arbitrary code execution.\r\nCVE-ID: CVE-2009-1235\r\nCNCVE ID: CNCVE-20091235\r\n \r\nAn implementation error exists in the kernel's handling of the fcntl system call; a local attacker can overwrite kernel memory and execute arbitrary code with system privileges.\r\nCVE-ID: CVE-2009-2190\r\nCNCVE ID: CNCVE-20092190\r\n
\r\nOpening many connections to an inetd-based launchd service can cause launchd to stop responding to external connections.\r\nCVE-ID: CVE-2009-2191\r\nCNCVE ID: CNCVE-20092191\r\n \r\nA format string issue exists in Login Window's handling of application names, which can lead to an application crash or arbitrary code execution.\r\nCVE-ID: CVE-2009-2192\r\nCNCVE ID: CNCVE-20092192\r\n \r\nMobileMe has a logic error: not all credentials are deleted on sign-out, so a local user can access resources associated with other MobileMe accounts.\r\nCVE-ID: CVE-2009-2193\r\nCNCVE ID: CNCVE-20092193\r\n \r\nA buffer overflow exists in the kernel's handling of AppleTalk response packets, which can lead to execution of arbitrary instructions with system privileges.\r\nCVE-ID: CVE-2009-2194\r\nCNCVE ID: CNCVE-20092194\r\n \r\nA synchronization issue exists in the handling of file descriptors shared over local sockets; by sending messages containing file descriptors to a socket with no receiver, a local user can crash the system.\r\nCVE-ID: CVE-2008-0674\r\nCNCVE ID: CNCVE-20080674\r\n \r\nThe PCRE library used by XQuery has a buffer overflow in the handling of character classes in regular expressions; malicious XML content that a user is enticed to access can trigger this vulnerability.\n\nApple Mac OS X Server 10.5.7\r\nApple Mac OS X Server 10.5.6\r\nApple Mac OS X Server 10.5.5\r\nApple Mac OS X Server 10.5.4\r\nApple Mac OS X Server 10.5.3\r\nApple Mac OS X Server 10.5.2\r\nApple Mac OS X Server 10.5.1\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.10\r\nApple Mac OS X Server 10.4.9\r\nApple Mac OS X Server 10.4.8\r\nApple Mac OS X Server 10.4.7\r\nApple Mac OS X Server 10.4.6\r\nApple Mac OS X Server 10.4.5\r\nApple Mac OS X Server 10.4.4\r\nApple Mac OS X Server 10.4.3\r\nApple Mac OS X Server 10.4.2\r\nApple Mac OS X Server 10.4.1\r\nApple Mac OS X Server 10.4\r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.7\r\nApple Mac OS X 10.5.6\r\nApple Mac OS X 10.5.5\r\nApple Mac OS X 10.5.4\r\nApple Mac OS X 10.5.3\r\nApple Mac OS X 10.5.2\r\nApple Mac OS X 10.5.1\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.10\r\nApple Mac OS X 10.4.9\r\nApple Mac OS X 10.4.8\r\nApple Mac OS X 10.4.7\r\nApple Mac OS X 10.4.6\r\nApple Mac OS X 10.4.5\r\nApple Mac OS X 10.4.4\r\nApple Mac OS X 10.4.3\r\nApple Mac OS X 10.4.2\r\nApple Mac OS X 10.4.1\r\nApple Mac OS X 10.4\r\nApple Mac
OS X 10.5\nVendor solution\r\nUsers can contact the vendor to obtain the upgrade patches:\r\nApple Mac OS X Server 10.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.4.11\r\nApple SecUpdSrvr2009-003PPC.dmg\r\nPowerPC\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpdSrvr2009-003Univ.dmg\r\nUniversal\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.4.11\r\nApple SecUpd2009-003Intel.dmg\r\nIntel\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpd2009-003PPC.dmg\r\nPPC\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.1\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.1\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.2\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.2\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.3\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.3\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.4\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.4\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.6\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.6\r\nApple
MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.7\r\nApple MacOSXServerUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.7\r\nApple MacOSXUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/", "published": "2009-08-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-11998", "cvelist": ["CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235", "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726", "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191", "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194"], "lastseen": "2017-11-19T18:41:10"}]}}