{"cve": [{"lastseen": "2017-09-29T14:25:48", "references": ["http://www.ubuntulinux.org/support/documentation/usn/usn-590-1", "http://www.securityfocus.com/archive/1/archive/1/489968/100/0/threaded", "http://www.vupen.com/english/advisories/2009/2172", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html", "http://www.kb.cert.org/vuls/id/813451", "http://www.securityfocus.com/bid/28286", "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", "http://www.redhat.com/support/errata/RHSA-2008-0893.html", "http://kb.vmware.com/kb/1006982", "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", "http://www.securityfocus.com/archive/1/archive/1/498863/100/0/threaded", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:075", "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", "http://kb.vmware.com/kb/1007504", "http://support.apple.com/kb/HT3757", "http://www.ipcop.org/index.php?name=News&file=article&sid=40", "http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml", "http://www.vupen.com/english/advisories/2008/2557", "http://www.vupen.com/english/advisories/2008/0915", "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", "http://www.bzip.org/CHANGES", "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc", "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", "https://bugs.gentoo.org/attachment.cgi?id=146488&action=view", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118", "http://security.gentoo.org/glsa/glsa-200903-40.xml", "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", "http://www.securitytracker.com/id?1020867", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41249", "http://kb.vmware.com/kb/1007198"], "description": "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.", "edition": 3, "reporter": "NVD", "published": "2008-03-18T17:44:00", "title": "CVE-2008-1372", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:25:48", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10067", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-1372"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10067", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10067"}], "modified": "2017-09-28T21:30:40", "cpe": ["cpe:/a:bzip:bzip2:1.0.3", "cpe:/a:bzip:bzip2:0.9.5a", "cpe:/a:bzip:bzip2:0.9_a", "cpe:/a:bzip:bzip2:1.0", "cpe:/a:bzip:bzip2:0.9.5c", "cpe:/a:bzip:bzip2:0.9.5d", "cpe:/a:bzip:bzip2:0.9", "cpe:/a:bzip:bzip2:1.0.2", "cpe:/a:bzip:bzip2:0.9_b", "cpe:/a:bzip:bzip2:0.9.5b", "cpe:/a:bzip:bzip2:0.9_c", "cpe:/a:bzip:bzip2:1.0.1"], "id": "CVE-2008-1372", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1372", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T00:16:36", "references": [], "edition": 1, "description": "", "reporter": "f5", "published": "2009-01-21T03:00:00", "title": "bzip2 vulnerability CVE-2008-1372", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP ASM", "version": "9.3.1", "operator": "le"}, {"name": "FirePass", "version": "6.0.3", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.3.1", "operator": "le"}, {"name": "BIG-IP PSM", "version": "9.4.6", "operator": "le"}, {"name": "FirePass", "version": "6.1.0", "operator": "le"}, {"name": "FirePass", "version": "5.5.2", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "9.4.6", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "9.4.6", "operator": "le"}, {"name": "BIG-IP GTM", "version": "9.3.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "9.3.1", "operator": "le"}, {"name": "BIG-IP GTM", "version": "9.4.6", "operator": "le"}, {"name": "FirePass", "version": "7.0.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "1.6.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.4.6", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.6.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "9.4.6", "operator": "le"}], "cvelist": ["CVE-2008-1372"], "modified": "2016-07-25T19:55:00", "href": "https://support.f5.com/csp/article/K9592", "id": "F5:K9592", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-12-03T05:27:44", "references": [], "edition": 1, "description": "Information about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372>\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development\u00c2 tracked this issue as CR114442 and CR107644\u00c2 for\u00c2 BIG-IP LTM, GTM, ASM, Link Controller, WebAccelerator, PSM, FirePass, and Enterprise Manager, and it was fixed in BIG-IP 9.4.7 and 10.0.0, and in Enterprise Manager 1.7. For information about upgrading, refer to the BIG-IP [LTM](<https://support.f5.com/kb/en-us/products/big-ip_ltm.html>), [ASM](<https://support.f5.com/kb/en-us/products/big-ip_asm.html>), [GTM](<https://support.f5.com/kb/en-us/products/big-ip_gtm.html>), [Link Controller](<https://support.f5.com/kb/en-us/products/lc_9_x.html>), [PSM](<https://support.f5.com/kb/en-us/products/big-ip_psm.html>), [WebAccelerator](<https://support.f5.com/kb/en-us/products/wa.html>), or [Enterprise Manager](<https://support.f5.com/content/kb/en-us/products/em.html>) release notes.\n\nWorkaround\n\nThe affected versions of BIG-IP LTM, GTM, ASM, Link Controller, WebAccelerator, PSM, and Enterprise Manager have the **bzip2** package installed. However, the package is not used and can be safely removed by typing the following command:\n\nrpm -e bzip2\n\n**Note**: The **bzip2** package cannot be safely removed from the affected versions of FirePass and WANJet products.\n\nThe FirePass controller is a closed system with no administrative access to the underlying operating system. Bzip2 is used exclusively for compressing logs, and it poses a low risk of being compromised by this vulnerability.\n", "reporter": "f5", "published": "2009-01-20T00:00:00", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SOL9592 - bzip2 vulnerability CVE-2008-1372", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP ASM", "version": "9.3.1", "operator": "le"}, {"name": "FirePass", "version": "6.0.3", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.3.1", "operator": "le"}, {"name": "FirePass", "version": "7.0.0\u00c2", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "9.4.6\u00c2", "operator": "le"}, {"name": "FirePass", "version": "6.1.0", "operator": "le"}, {"name": "FirePass", "version": "5.5.2", "operator": "le"}, {"name": "BIG-IP GTM", "version": "9.3.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "9.3.1", "operator": "le"}, {"name": "BIG-IP GTM", "version": "9.4.6\u00c2\u00a0\u00c2", "operator": "le"}, {"name": "BIG-IP ASM", "version": "9.4.6\u00c2\u00a0\u00c2", "operator": "le"}, {"name": "BIG-IP PSM", "version": "9.4.6\u00c2\u00a0\u00c2", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "9.4.6\u00c2", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.4.6\u00c2", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.6.1\u00c2", "operator": "le"}, {"name": "Enterprise Manager", "version": "1.6.0\u00c2", "operator": "le"}], "cvelist": ["CVE-2008-1372"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/9000/500/sol9592.html", "id": "SOL9592", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:14:14", "references": ["126868-02", "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126868-02-1"], "pluginID": "855409", "description": "Check for the Version of SunFreeware bzip2", "edition": 1, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Solaris Update for SunFreeware bzip2 126868-02", "type": "openvas", "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855409", "id": "OPENVAS:855409", "sourceData": "# OpenVAS Vulnerability Test\n#\n# Solaris Update for SunFreeware bzip2 126868-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"SunFreeware bzip2 on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n SunFreeware bzip2\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855409);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2008-1372\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"126868-02\");\n script_name( \"Solaris Update for SunFreeware bzip2 126868-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-126868-02-1\");\n\n script_summary(\"Check for the Version of SunFreeware bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"126868-02\", package:\"SUNWsfman SUNWbzipS SUNWbzip\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:17", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html", "2008-3037"], "pluginID": "860532", "description": "Check for the Version of bzip2", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for bzip2 FEDORA-2008-3037", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860532", "id": "OPENVAS:860532", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bzip2 FEDORA-2008-3037\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bzip2 is a freely available, patent-free, high quality data compressor.\n Bzip2 compresses files to within 10 to 15 percent of the capabilities\n of the best techniques available. However, bzip2 has the added benefit\n of being approximately two times faster at compression and six times\n faster at decompression than those techniques. Bzip2 is not the\n fastest compression utility, but it does strike a balance between speed\n and compression capability.\n\n Install bzip2 if you need a compression utility.\";\n\ntag_affected = \"bzip2 on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html\");\n script_id(860532);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3037\");\n script_cve_id(\"CVE-2008-1372\");\n script_name( \"Fedora Update for bzip2 FEDORA-2008-3037\");\n\n script_summary(\"Check for the Version of bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.4~11.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:33", "references": ["http://lists.centos.org/pipermail/centos-announce/2008-September/015250.html", "2008:0893"], "pluginID": "1361412562310880267", "description": "Check for the Version of bzip2", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for bzip2 CESA-2008:0893 centos3 i386", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880267", "id": "OPENVAS:1361412562310880267", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bzip2 CESA-2008:0893 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bzip2 is a freely available, high-quality data compressor. It provides both\n stand-alone compression and decompression utilities, as well as a shared\n library for use with other programs.\n\n A buffer over-read flaw was discovered in the bzip2 decompression routine.\n This issue could cause an application linked against the libbz2 library to\n crash when decompressing malformed archives. (CVE-2008-1372)\n \n Users of bzip2 should upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"bzip2 on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015250.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880267\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0893\");\n script_cve_id(\"CVE-2008-1372\");\n script_name( \"CentOS Update for bzip2 CESA-2008:0893 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.2~12.EL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bzip2-devel\", rpm:\"bzip2-devel~1.0.2~12.EL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bzip2-libs\", rpm:\"bzip2-libs~1.0.2~12.EL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:25", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-21-126868-03-1", "126868-03"], "pluginID": "1361412562310855717", "description": "Check for the Version of SunFreeware bzip2", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for SunFreeware bzip2 126868-03", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855717", "id": "OPENVAS:1361412562310855717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for SunFreeware bzip2 126868-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"SunFreeware bzip2 on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n SunFreeware bzip2\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855717\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2008-1372\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"126868-03\");\n script_name(\"Solaris Update for SunFreeware bzip2 126868-03\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-126868-03-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of SunFreeware bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"126868-03\", package:\"SUNWsfman SUNWbzip SUNWbzipS\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:40", "references": ["http://lists.centos.org/pipermail/centos-announce/2008-September/015251.html", "2008:0893"], "pluginID": "1361412562310880184", "description": "Check for the Version of bzip2", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for bzip2 CESA-2008:0893 centos3 x86_64", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880184", "id": "OPENVAS:1361412562310880184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bzip2 CESA-2008:0893 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bzip2 is a freely available, high-quality data compressor. It provides both\n stand-alone compression and decompression utilities, as well as a shared\n library for use with other programs.\n\n A buffer over-read flaw was discovered in the bzip2 decompression routine.\n This issue could cause an application linked against the libbz2 library to\n crash when decompressing malformed archives. (CVE-2008-1372)\n \n Users of bzip2 should upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"bzip2 on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015251.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880184\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0893\");\n script_cve_id(\"CVE-2008-1372\");\n script_name( \"CentOS Update for bzip2 CESA-2008:0893 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.2~12.EL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bzip2-devel\", rpm:\"bzip2-devel~1.0.2~12.EL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bzip2-libs\", rpm:\"bzip2-libs~1.0.2~12.EL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:49", "references": ["2008:075", "http://lists.mandriva.com/security-announce/2008-03/msg00027.php"], "pluginID": "1361412562310830367", "description": "Check for the Version of bzip2", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-09T00:00:00", "title": "Mandriva Update for bzip2 MDVSA-2008:075 (bzip2)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830367", "id": "OPENVAS:1361412562310830367", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for bzip2 MDVSA-2008:075 (bzip2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bzip2 versions before 1.0.5 are vulnerable to a denial of service\n attack via malicious compressed data.\n\n The updated packages have been patched to prevent the issue.\";\n\ntag_affected = \"bzip2 on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00027.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830367\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:075\");\n script_cve_id(\"CVE-2008-1372\");\n script_name( \"Mandriva Update for bzip2 MDVSA-2008:075 (bzip2)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.4~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libbzip2_1\", rpm:\"libbzip2_1~1.0.4~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libbzip2_1-devel\", rpm:\"libbzip2_1-devel~1.0.4~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64bzip2_1\", rpm:\"lib64bzip2_1~1.0.4~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64bzip2_1-devel\", rpm:\"lib64bzip2_1-devel~1.0.4~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libbzip2_1\", rpm:\"libbzip2_1~1.0.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libbzip2_1-devel\", rpm:\"libbzip2_1-devel~1.0.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64bzip2_1\", rpm:\"lib64bzip2_1~1.0.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64bzip2_1-devel\", rpm:\"lib64bzip2_1-devel~1.0.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.4~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libbzip2_1\", rpm:\"libbzip2_1~1.0.4~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libbzip2_1-devel\", rpm:\"libbzip2_1-devel~1.0.4~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64bzip2_1\", rpm:\"lib64bzip2_1~1.0.4~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64bzip2_1-devel\", rpm:\"lib64bzip2_1-devel~1.0.4~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:46", "references": ["http://lists.centos.org/pipermail/centos-announce/2008-September/015254.html", "2008:0893-01"], "pluginID": "1361412562310880235", "description": "Check for the Version of bzip2", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for bzip2 CESA-2008:0893-01 centos2 i386", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880235", "id": "OPENVAS:1361412562310880235", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bzip2 CESA-2008:0893-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bzip2 is a freely available, high-quality data compressor. It provides both\n stand-alone compression and decompression utilities, as well as a shared\n library for use with other programs.\n\n A buffer over-read flaw was discovered in the bzip2 decompression routine.\n This issue could cause an application linked against the libbz2 library to\n crash when decompressing malformed archives. (CVE-2008-1372)\n \n Users of bzip2 should upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"bzip2 on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015254.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880235\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0893-01\");\n script_cve_id(\"CVE-2008-1372\");\n script_name( \"CentOS Update for bzip2 CESA-2008:0893-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.1~5.EL2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bzip2-devel\", rpm:\"bzip2-devel~1.0.1~5.EL2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bzip2-libs\", rpm:\"bzip2-libs~1.0.1~5.EL2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:10", "references": [], "pluginID": "60632", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Ports: bzip2", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2016-09-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60632", "id": "OPENVAS:60632", "sourceData": "#\n#VID 063399fc-f6d6-11dc-bcee-001c2514716c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: bzip2\n\nCVE-2008-1372\nbzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to\ncause a denial of service (crash) via a crafted file that triggers a\nbuffer over-read, as demonstrated by the PROTOS GENOME test suite for\nArchive Formats.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\nhttp://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\nhttp://www.vuxml.org/freebsd/063399fc-f6d6-11dc-bcee-001c2514716c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60632);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1372\");\n script_bugtraq_id(28286);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: bzip2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"bzip2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.5\")<0) {\n txt += 'Package bzip2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:48", "references": ["126869-03", "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126869-03-1"], "pluginID": "855038", "description": "Check for the Version of SunFreeware bzip2", "edition": 1, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Solaris Update for SunFreeware bzip2 126869-03", "type": "openvas", "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855038", "id": "OPENVAS:855038", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for SunFreeware bzip2 126869-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"SunFreeware bzip2 on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n SunFreeware bzip2\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855038);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2008-1372\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"126869-03\");\n script_name( \"Solaris Update for SunFreeware bzip2 126869-03\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-126869-03-1\");\n\n script_summary(\"Check for the Version of SunFreeware bzip2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"126869-03\", package:\"SUNWsfman SUNWbzipS SUNWbzip\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:16", "references": [], "pluginID": "65944", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n bzip2\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES10: Security update for Linux kernel", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65944", "id": "OPENVAS:65944", "sourceData": "#\n#VID slesp2-bzip2-5295\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n bzip2\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65944);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1372\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bzip2\", rpm:\"bzip2~1.0.3~17.9\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:04:30", "references": ["http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", "http://www.nessus.org/u?797363ef", "http://www.nessus.org/u?e4f9b0ab"], "pluginID": "31633", "description": "SecurityFocus reports :\n\nThe 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.\n\nExploit attempts likely result in application crashes.", "edition": 4, "reporter": "Tenable", "published": "2008-03-21T00:00:00", "title": "FreeBSD : bzip2 -- crash with certain malformed archive files (063399fc-f6d6-11dc-bcee-001c2514716c)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2013-06-21T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:bzip2"], "id": "FREEBSD_PKG_063399FCF6D611DCBCEE001C2514716C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31633);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2013/06/21 23:43:34 $\");\n\n script_cve_id(\"CVE-2008-1372\");\n script_bugtraq_id(28286);\n\n script_name(english:\"FreeBSD : bzip2 -- crash with certain malformed archive files (063399fc-f6d6-11dc-bcee-001c2514716c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SecurityFocus reports :\n\nThe 'bzip2' application is prone to a remote file-handling\nvulnerability because the application fails to properly handle\nmalformed files.\n\nExploit attempts likely result in application crashes.\"\n );\n # https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?797363ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\"\n );\n # http://www.freebsd.org/ports/portaudit/063399fc-f6d6-11dc-bcee-001c2514716c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4f9b0ab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bzip2<1.0.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:11", "references": [], "pluginID": "31677", "description": "It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2008-03-26T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : bzip2 vulnerability (USN-590-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:bzip2", "p-cpe:/a:canonical:ubuntu_linux:lib32bz2-1.0", "p-cpe:/a:canonical:ubuntu_linux:libbz2-dev", "p-cpe:/a:canonical:ubuntu_linux:lib64bz2-dev", "p-cpe:/a:canonical:ubuntu_linux:lib32bz2-dev", "p-cpe:/a:canonical:ubuntu_linux:libbz2-1.0", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:lib64bz2-1.0", "p-cpe:/a:canonical:ubuntu_linux:bzip2-doc", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-590-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-590-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31677);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2008-1372\");\n script_bugtraq_id(28286);\n script_xref(name:\"USN\", value:\"590-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : bzip2 vulnerability (USN-590-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that bzip2 did not correctly handle certain\nmalformed archives. If a user or automated system were tricked into\nprocessing a specially crafted bzip2 archive, applications linked\nagainst libbz2 could be made to crash, possibly leading to a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bzip2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib32bz2-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib32bz2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib64bz2-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib64bz2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbz2-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbz2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"bzip2\", pkgver:\"1.0.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"lib32bz2-1.0\", pkgver:\"1.0.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"lib32bz2-dev\", pkgver:\"1.0.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"lib64bz2-1.0\", pkgver:\"1.0.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"lib64bz2-dev\", pkgver:\"1.0.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libbz2-1.0\", pkgver:\"1.0.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libbz2-dev\", pkgver:\"1.0.3-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"bzip2\", pkgver:\"1.0.3-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"lib32bz2-1.0\", pkgver:\"1.0.3-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"lib32bz2-dev\", pkgver:\"1.0.3-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"lib64bz2-1.0\", pkgver:\"1.0.3-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"lib64bz2-dev\", pkgver:\"1.0.3-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libbz2-1.0\", pkgver:\"1.0.3-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libbz2-dev\", pkgver:\"1.0.3-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"bzip2\", pkgver:\"1.0.3-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"lib32bz2-1.0\", pkgver:\"1.0.3-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"lib32bz2-dev\", pkgver:\"1.0.3-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"lib64bz2-1.0\", pkgver:\"1.0.3-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"lib64bz2-dev\", pkgver:\"1.0.3-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libbz2-1.0\", pkgver:\"1.0.3-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libbz2-dev\", pkgver:\"1.0.3-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"bzip2\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"bzip2-doc\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"lib32bz2-1.0\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"lib32bz2-dev\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"lib64bz2-1.0\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"lib64bz2-dev\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libbz2-1.0\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libbz2-dev\", pkgver:\"1.0.4-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzip2 / bzip2-doc / lib32bz2-1.0 / lib32bz2-dev / lib64bz2-1.0 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:36", "references": ["http://www.nessus.org/u?9349b5c6"], "pluginID": "60474", "description": "A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080916_BZIP2_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60474);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:53 $\");\n\n script_cve_id(\"CVE-2008-1372\");\n\n script_name(english:\"Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer over-read flaw was discovered in the bzip2 decompression\nroutine. This issue could cause an application linked against the\nlibbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0809&L=scientific-linux-errata&T=0&P=576\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9349b5c6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bzip2, bzip2-devel and / or bzip2-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"bzip2-1.0.2-12.EL3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"bzip2-devel-1.0.2-12.EL3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"bzip2-libs-1.0.2-12.EL3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"bzip2-1.0.2-14.el4_7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bzip2-devel-1.0.2-14.el4_7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bzip2-libs-1.0.2-14.el4_7\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"bzip2-1.0.3-4.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bzip2-devel-1.0.3-4.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bzip2-libs-1.0.3-4.el5_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:38:55", "references": ["http://support.novell.com/security/cve/CVE-2008-1372.html"], "pluginID": "41204", "description": "Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)", "edition": 4, "reporter": "Tenable", "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : bzip2 (YOU Patch Number 12119)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2012-04-23T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12119.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41204", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41204);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:14:42 $\");\n\n script_cve_id(\"CVE-2008-1372\");\n\n script_name(english:\"SuSE9 Security Update : bzip2 (YOU Patch Number 12119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1372.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12119.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"bzip2-1.0.2-346.9\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"bzip2-32bit-9-200803201535\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:40", "references": ["https://oss.oracle.com/pipermail/el-errata/2008-September/000737.html", "https://oss.oracle.com/pipermail/el-errata/2008-September/000736.html", "https://oss.oracle.com/pipermail/el-errata/2008-September/000735.html"], "pluginID": "67750", "description": "From Red Hat Security Advisory 2008:0893 :\n\nUpdated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nBzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : bzip2 (ELSA-2008-0893)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bzip2-libs", "p-cpe:/a:oracle:linux:bzip2-devel", "p-cpe:/a:oracle:linux:bzip2", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0893.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67750", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0893 and \n# Oracle Linux Security Advisory ELSA-2008-0893 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67750);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2008-1372\");\n script_xref(name:\"RHSA\", value:\"2008:0893\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : bzip2 (ELSA-2008-0893)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0893 :\n\nUpdated bzip2 packages that fix a security issue are now available for\nRed Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nBzip2 is a freely available, high-quality data compressor. It provides\nboth stand-alone compression and decompression utilities, as well as a\nshared library for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression\nroutine. This issue could cause an application linked against the\nlibbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain\na backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000735.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000736.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000737.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bzip2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bzip2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bzip2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"bzip2-1.0.2-12.EL3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"bzip2-1.0.2-12.EL3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"bzip2-devel-1.0.2-12.EL3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"bzip2-devel-1.0.2-12.EL3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"bzip2-libs-1.0.2-12.EL3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"bzip2-libs-1.0.2-12.EL3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"bzip2-1.0.2-14.el4_7\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"bzip2-devel-1.0.2-14.el4_7\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"bzip2-libs-1.0.2-14.el4_7\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"bzip2-1.0.3-4.el5_2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bzip2-devel-1.0.3-4.el5_2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bzip2-libs-1.0.3-4.el5_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzip2 / bzip2-devel / bzip2-libs\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:10", "references": ["https://www.redhat.com/security/data/cve/CVE-2008-1372.html", "http://rhn.redhat.com/errata/RHSA-2008-0893.html"], "pluginID": "34229", "description": "Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nBzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "edition": 6, "reporter": "Tenable", "published": "2008-09-17T00:00:00", "title": "RHEL 2.1 / 3 / 4 / 5 : bzip2 (RHSA-2008:0893)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:bzip2", "p-cpe:/a:redhat:enterprise_linux:bzip2-libs", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:bzip2-devel", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2008-0893.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0893. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34229);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n\n script_cve_id(\"CVE-2008-1372\");\n script_xref(name:\"RHSA\", value:\"2008:0893\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 / 5 : bzip2 (RHSA-2008:0893)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bzip2 packages that fix a security issue are now available for\nRed Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nBzip2 is a freely available, high-quality data compressor. It provides\nboth stand-alone compression and decompression utilities, as well as a\nshared library for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression\nroutine. This issue could cause an application linked against the\nlibbz2 library to crash when decompressing malformed archives.\n(CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain\na backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-1372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2008-0893.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bzip2, bzip2-devel and / or bzip2-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bzip2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bzip2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0893\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"bzip2-1.0.1-5.EL2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"bzip2-devel-1.0.1-5.EL2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"bzip2-libs-1.0.1-5.EL2.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"bzip2-1.0.2-12.EL3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"bzip2-devel-1.0.2-12.EL3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"bzip2-libs-1.0.2-12.EL3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"bzip2-1.0.2-14.el4_7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"bzip2-devel-1.0.2-14.el4_7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"bzip2-libs-1.0.2-14.el4_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bzip2-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bzip2-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bzip2-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"bzip2-devel-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"bzip2-libs-1.0.3-4.el5_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzip2 / bzip2-devel / bzip2-libs\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:54", "references": ["http://support.novell.com/security/cve/CVE-2008-1372.html"], "pluginID": "41482", "description": "Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)", "edition": 4, "reporter": "Tenable", "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5295)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_BZIP2-5295.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41482);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 10:53:20 $\");\n\n script_cve_id(\"CVE-2008-1372\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5295)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Specially crafted files could crash the bzip2-decoder. (CVE-2008-1372)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1372.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5295.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"bzip2-1.0.3-17.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"bzip2-32bit-1.0.3-17.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"bzip2-1.0.3-17.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"bzip2-32bit-1.0.3-17.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:18", "references": [], "pluginID": "37613", "description": "Bzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data.\n\nThe updated packages have been patched to prevent the issue.", "edition": 5, "reporter": "Tenable", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : bzip2 (MDVSA-2008:075)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:bzip2", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:lib64bzip2_1-devel", "p-cpe:/a:mandriva:linux:libbzip2_1-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:lib64bzip2_1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libbzip2_1"], "id": "MANDRIVA_MDVSA-2008-075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37613", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:075. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37613);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2008-1372\");\n script_bugtraq_id(28286);\n script_xref(name:\"MDVSA\", value:\"2008:075\");\n\n script_name(english:\"Mandriva Linux Security Advisory : bzip2 (MDVSA-2008:075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bzip2 versions before 1.0.5 are vulnerable to a denial of service\nattack via malicious compressed data.\n\nThe updated packages have been patched to prevent the issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64bzip2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64bzip2_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libbzip2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libbzip2_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"bzip2-1.0.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64bzip2_1-1.0.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64bzip2_1-devel-1.0.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libbzip2_1-1.0.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libbzip2_1-devel-1.0.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"bzip2-1.0.4-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64bzip2_1-1.0.4-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64bzip2_1-devel-1.0.4-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libbzip2_1-1.0.4-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libbzip2_1-devel-1.0.4-1.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"bzip2-1.0.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64bzip2_1-1.0.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64bzip2_1-devel-1.0.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libbzip2_1-1.0.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libbzip2_1-devel-1.0.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:27", "references": ["https://security.gentoo.org/glsa/200804-02"], "pluginID": "31753", "description": "The remote host is affected by the vulnerability described in GLSA-200804-02 (bzip2: Denial of Service)\n\n The Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread.\n Impact :\n\n Remote attackers can entice a user or automated system to open a specially crafted file that triggers a buffer overread, causing a Denial of Service. libbz2 and programs linking against it are also affected.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2008-04-04T00:00:00", "title": "GLSA-200804-02 : bzip2: Denial of Service", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:bzip2"], "id": "GENTOO_GLSA-200804-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31753", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-02.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31753);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-1372\");\n script_xref(name:\"GLSA\", value:\"200804-02\");\n\n script_name(english:\"GLSA-200804-02 : bzip2: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-02\n(bzip2: Denial of Service)\n\n The Oulu University discovered that bzip2 does not properly check\n offsets provided by the bzip2 file, leading to a buffer overread.\n \nImpact :\n\n Remote attackers can entice a user or automated system to open a\n specially crafted file that triggers a buffer overread, causing a\n Denial of Service. libbz2 and programs linking against it are also\n affected.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All bzip2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/bzip2-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/bzip2\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzip2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:43", "references": [], "pluginID": "32211", "description": "Specially crafted files could crash the bzip2-decoder (CVE-2008-1372).", "edition": 4, "reporter": "Tenable", "published": "2008-05-11T00:00:00", "title": "openSUSE 10 Security Update : bzip2 (bzip2-5112)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1372"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:bzip2", "p-cpe:/a:novell:opensuse:bzip2-32bit", "p-cpe:/a:novell:opensuse:libbz2-devel", "p-cpe:/a:novell:opensuse:libbz2-1", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:libbz2-1-32bit"], "id": "SUSE_BZIP2-5112.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32211", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bzip2-5112.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32211);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:06:05 $\");\n\n script_cve_id(\"CVE-2008-1372\");\n\n script_name(english:\"openSUSE 10 Security Update : bzip2 (bzip2-5112)\");\n script_summary(english:\"Check for the bzip2-5112 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Specially crafted files could crash the bzip2-decoder (CVE-2008-1372).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bzip2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bzip2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbz2-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbz2-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbz2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"bzip2-1.0.3-17.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"bzip2-32bit-1.0.3-17.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"bzip2-1.0.3-39.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"bzip2-32bit-1.0.3-39.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"bzip2-1.0.4-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libbz2-1-1.0.4-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libbz2-devel-1.0.4-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libbz2-1-32bit-1.0.4-42.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzip2 / bzip2-32bit / libbz2-1 / libbz2-1-32bit / libbz2-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:30", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2008-1372"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "1.0.4-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libbz2-1.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.10", "packageVersion": "1.0.3-3ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libbz2-1.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "1.0.3-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libbz2-1.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "1.0.3-6ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libbz2-1.0", "operator": "lt"}], "description": "It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service.", "edition": 3, "reporter": "Ubuntu", "published": "2008-03-24T00:00:00", "title": "bzip2 vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2008-03-24T00:00:00", "id": "USN-590-1", "href": "https://usn.ubuntu.com/590-1/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:12", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372", "https://bugs.gentoo.org/show_bug.cgi?id=249140", "https://security.gentoo.org/security/en/glsa/glsa-200804-02.xml"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "6.0-r2", "packageName": "app-admin/analog", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nAnalog is a a webserver log analyzer. \n\n### Description\n\nDiego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). \n\n### Impact\n\nA local attacker could place specially crafted log files into a log directory being analyzed by analog, e.g. /var/log/apache, resulting in a crash when being processed by the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Analog users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/analog-6.0-r2\"\n\nNOTE: Analog is now linked against the system bzip2 library.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2009-03-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Analog: Denial of Service", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2009-03-29T00:00:00", "id": "GLSA-200903-40", "href": "https://security.gentoo.org/glsa/200903-40", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:05", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372", "https://bugs.gentoo.org/show_bug.cgi?id=213820"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.5", "packageName": "app-arch/bzip2", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nbzip2 is a free and open source lossless data compression program. \n\n### Description\n\nThe Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread. \n\n### Impact\n\nRemote attackers can entice a user or automated system to open a specially crafted file that triggers a buffer overread, causing a Denial of Service. libbz2 and programs linking against it are also affected. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll bzip2 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/bzip2-1.0.5\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2008-04-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "gentoo", "title": "bzip2: Denial of Service", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2008-04-02T00:00:00", "id": "GLSA-200804-02", "href": "https://security.gentoo.org/glsa/200804-02", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:35", "references": ["http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", "https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "bzip2", "operator": "lt"}], "description": "\nSecurityFocus reports:\n\nThe 'bzip2' application is prone to a remote file-handling\n\t vulnerability because the application fails to properly\n\t handle malformed files.\nExploit attempts likely result in application crashes.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2008-03-18T00:00:00", "title": "bzip2 -- crash with certain malformed archive files", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2008-03-18T00:00:00", "id": "063399FC-F6D6-11DC-BCEE-001C2514716C", "href": "https://vuxml.freebsd.org/freebsd/063399fc-f6d6-11dc-bcee-001c2514716c.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-05-11T21:13:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.1-5.EL2.1", "arch": "i386", "packageName": "bzip2", "packageFilename": "bzip2-1.0.1-5.EL2.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "s390", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "s390x", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ia64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ppc64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ia64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ppc", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "s390x", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ppc", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "s390x", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "s390x", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "ppc64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ia64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "s390", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.1-5.EL2.1", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.1-5.EL2.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ia64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "ia64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "s390x", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "s390x", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "s390", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "ia64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "s390x", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.1-5.EL2.1", "arch": "ia64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.1-5.EL2.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.1-5.EL2.1", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.1-5.EL2.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "s390x", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ppc", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ppc", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "s390x", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ppc64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "ppc", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ppc64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "s390", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "ppc", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ia64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "s390", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ppc", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.1-5.EL2.1", "arch": "ia64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.1-5.EL2.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.1-5.EL2.1", "arch": "ia64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.1-5.EL2.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "s390", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "s390", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ppc", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "s390", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "ia64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ia64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.2-12.EL3", "arch": "ppc", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.ppc.rpm", "operator": "lt"}], "description": "Bzip2 is a freely available, high-quality data compressor. It provides both\nstand-alone compression and decompression utilities, as well as a shared\nlibrary for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine.\nThis issue could cause an application linked against the libbz2 library to\ncrash when decompressing malformed archives. (CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue.", "reporter": "RedHat", "published": "2008-09-16T04:00:00", "type": "redhat", "title": "(RHSA-2008:0893) Moderate: bzip2 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:27:03", "id": "RHSA-2008:0893", "href": "https://access.redhat.com/errata/RHSA-2008:0893", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:03", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageFilename": "bzip2-1.0.3-4.el5_2.x86_64.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ia64", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.ia64.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageFilename": "bzip2-1.0.2-14.el4_7.x86_64.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.i386.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.i386.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "src", "packageFilename": "bzip2-1.0.2-12.EL3.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "src", "packageFilename": "bzip2-1.0.2-12.EL3.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageFilename": "bzip2-devel-1.0.2-12.EL3.i386.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "src", "packageFilename": "bzip2-1.0.3-4.el5_2.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "src", "packageFilename": "bzip2-1.0.3-4.el5_2.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "src", "packageFilename": "bzip2-1.0.3-4.el5_2.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageFilename": "bzip2-1.0.2-14.el4_7.i386.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "src", "packageFilename": "bzip2-1.0.2-14.el4_7.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "src", "packageFilename": "bzip2-1.0.2-14.el4_7.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "src", "packageFilename": "bzip2-1.0.2-14.el4_7.src.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.x86_64.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.x86_64.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ia64", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.ia64.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageFilename": "bzip2-1.0.2-12.EL3.i386.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageFilename": "bzip2-libs-1.0.2-12.EL3.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageFilename": "bzip2-libs-1.0.2-12.EL3.i386.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ia64", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.ia64.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.i386.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.i386.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ia64", "packageFilename": "bzip2-1.0.2-14.el4_7.ia64.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageFilename": "bzip2-1.0.3-4.el5_2.i386.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "ia64", "packageFilename": "bzip2-1.0.3-4.el5_2.ia64.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageFilename": "bzip2-libs-1.0.2-12.EL3.x86_64.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.x86_64.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "ia64", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.ia64.rpm", "packageName": "bzip2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.x86_64.rpm", "packageName": "bzip2-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageFilename": "bzip2-1.0.2-12.EL3.x86_64.rpm", "packageName": "bzip2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageFilename": "bzip2-devel-1.0.2-12.EL3.x86_64.rpm", "packageName": "bzip2-devel", "operator": "lt"}], "description": "[1.0.3-4]\n- Resolves: #461587\n fix cash on malformed archive file - CVE-2008-1372\n (apply upstream patch)", "edition": 3, "reporter": "Oracle", "published": "2008-09-16T00:00:00", "title": "bzip2 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2008-09-16T00:00:00", "id": "ELSA-2008-0893", "href": "http://linux.oracle.com/errata/ELSA-2008-0893.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:44:48", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2008-0893.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.c4", "arch": "ia64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.c4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.c4", "arch": "ia64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.c4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4", "arch": "s390x", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "any", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "any", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "s390x", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "ia64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "s390x", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "s390", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "any", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "any", "packageName": "bzip2", "packageFilename": "bzip2-1.0.3-4.el5_2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "any", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "any", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "x86_64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.3-4.el5_2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "s390", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4", "arch": "s390x", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "s390", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "ia64", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-12.EL3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "s390x", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "x86_64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-12.EL3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4", "arch": "s390x", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "i386", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4", "arch": "s390", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.3-4.el5_2", "arch": "i386", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.3-4.el5_2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-14.el4_7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.2-12.EL3", "arch": "ia64", "packageName": "bzip2", "packageFilename": "bzip2-1.0.2-12.EL3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4", "arch": "s390", "packageName": "bzip2-devel", "packageFilename": "bzip2-devel-1.0.2-14.el4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4", "arch": "s390", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.el4_7", "arch": "x86_64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.el4_7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.2-14.c4", "arch": "ia64", "packageName": "bzip2-libs", "packageFilename": "bzip2-libs-1.0.2-14.c4.ia64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0893\n\n\nBzip2 is a freely available, high-quality data compressor. It provides both\nstand-alone compression and decompression utilities, as well as a shared\nlibrary for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine.\nThis issue could cause an application linked against the libbz2 library to\ncrash when decompressing malformed archives. (CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015250.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015251.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015252.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015253.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015257.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015258.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015259.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015260.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015261.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015262.html\n\n**Affected packages:**\nbzip2\nbzip2-devel\nbzip2-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0893.html", "edition": 2, "reporter": "CentOS Project", "published": "2008-09-16T15:23:39", "title": "bzip2 security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2008-09-19T18:26:21", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015250.html", "id": "CESA-2008:0893", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:46:15", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.1-5.EL2.1", "packageFilename": "bzip2-devel-1.0.1-5.EL2.1.i386.rpm", "packageName": "bzip2-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.1-5.EL2.1", "packageFilename": "bzip2-libs-1.0.1-5.EL2.1.i386.rpm", "packageName": "bzip2-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.1-5.EL2.1", "packageFilename": "bzip2-1.0.1-5.EL2.1.i386.rpm", "packageName": "bzip2", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0893-01\n\n\nBzip2 is a freely available, high-quality data compressor. It provides both\nstand-alone compression and decompression utilities, as well as a shared\nlibrary for use with other programs.\n\nA buffer over-read flaw was discovered in the bzip2 decompression routine.\nThis issue could cause an application linked against the libbz2 library to\ncrash when decompressing malformed archives. (CVE-2008-1372)\n\nUsers of bzip2 should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015254.html\n\n**Affected packages:**\nbzip2\nbzip2-devel\nbzip2-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2008-09-17T00:31:08", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "bzip2 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2008-09-17T00:31:08", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015254.html", "id": "CESA-2008:0893-01", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:37:06", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "9.0", "packageVersion": "1.0.5", "arch": "i386", "packageFilename": "bzip2-1.0.5-i386-1_slack9.0.tgz", "packageName": "bzip2", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.1", "packageVersion": "1.0.5", "arch": "i486", "packageFilename": "bzip2-1.0.5-i486-1_slack9.1.tgz", "packageName": "bzip2", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.0", "packageVersion": "1.0.5", "arch": "i486", "packageFilename": "bzip2-1.0.5-i486-1_slack12.0.tgz", "packageName": "bzip2", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.2", "packageVersion": "1.0.5", "arch": "i486", "packageFilename": "bzip2-1.0.5-i486-1_slack10.2.tgz", "packageName": "bzip2", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.1", "packageVersion": "1.0.5", "arch": "i486", "packageFilename": "bzip2-1.0.5-i486-1_slack10.1.tgz", "packageName": "bzip2", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.0", "packageVersion": "1.0.5", "arch": "i486", "packageFilename": "bzip2-1.0.5-i486-1_slack10.0.tgz", "packageName": "bzip2", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "11.0", "packageVersion": "1.0.5", "arch": "i486", "packageFilename": "bzip2-1.0.5-i486-1_slack11.0.tgz", "packageName": "bzip2", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "8.1", "packageVersion": "1.0.5", "arch": "i386", "packageFilename": "bzip2-1.0.5-i386-1_slack8.1.tgz", "packageName": "bzip2", "operator": "lt"}], "description": "New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372\n\n\nHere are the details from the Slackware 12.0 ChangeLog:\n\npatches/packages/bzip2-1.0.5-i486-1_slack12.0.tgz: Upgraded to bzip2-1.0.5.\n Previous versions of bzip2 contained a buffer overread error that could cause\n applications linked to libbz2 to crash, resulting in a denial of service.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bzip2-1.0.5-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bzip2-1.0.5-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bzip2-1.0.5-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bzip2-1.0.5-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bzip2-1.0.5-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bzip2-1.0.5-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bzip2-1.0.5-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bzip2-1.0.5-i486-1_slack12.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bzip2-1.0.5-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\ncddf69b03404779b6d23a7d7604198c5 bzip2-1.0.5-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n5e153b9606326c3c61ac0018c1e460b6 bzip2-1.0.5-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n066bb2e9c00387f3cbf134ba0e973766 bzip2-1.0.5-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n09dc74761b62f3ed1a12df70e1191dc3 bzip2-1.0.5-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\nab458a6b065dd2636623c01cdac41b21 bzip2-1.0.5-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n9e082446dc0672f2f26b9200c1290ee3 bzip2-1.0.5-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n730d057101b68e2f30f6f68b8eab25a8 bzip2-1.0.5-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nb8bcf145b4f28e5db65fc8f5e2cc4fe6 bzip2-1.0.5-i486-1_slack12.0.tgz\n\nSlackware -current package:\n3611aec2aab0ca7168865bcfd8187046 bzip2-1.0.5-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bzip2-1.0.5-i486-1_slack12.0.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2008-04-07T11:50:30", "title": "bzip2", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372"], "modified": "2008-04-07T11:50:30", "id": "SSA-2008-098-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "references": [], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200903-40\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Analog: Denial of Service\r\n Date: March 29, 2009\r\n Bugs: #249140\r\n ID: 200903-40\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA Denial of Service vulnerability was discovered in Analog.\r\n\r\nBackground\r\n==========\r\n\r\nAnalog is a a webserver log analyzer.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 app-admin/analog < 6.0-r2 >= 6.0-r2\r\n\r\nDescription\r\n===========\r\n\r\nDiego E. Petteno reported that the Analog package in Gentoo is built\r\nwith its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA\r\n200804-02).\r\n\r\nImpact\r\n======\r\n\r\nA local attacker could place specially crafted log files into a log\r\ndirectory being analyzed by analog, e.g. /var/log/apache, resulting in\r\na crash when being processed by the application.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Analog users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=app-admin/analog-6.0-r2"\r\n\r\nNOTE: Analog is now linked against the system bzip2 library.\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-1372\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372\r\n [ 2 ] GLSA 200804-02\r\n http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200903-40.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2009 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2009-03-30T00:00:00", "title": "[ GLSA 200903-40 ] Analog: Denial of Service", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:29", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1372"], "modified": "2009-03-30T00:00:00", "id": "SECURITYVULNS:DOC:21544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21544", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:28", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2008-0019\r\nSynopsis: VMware Hosted products and patches for ESX and ESXi\r\n resolve a critical security issue and update bzip2\r\nIssue date: 2008-12-02\r\nUpdated on: 2008-12-02 (initial release of advisory)\r\nCVE numbers: CVE-2008-4917 CVE-2008-1372\r\n- -------------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n Updated VMware Hosted products and patches for ESX and ESXi resolve\r\n two security issues. The first is a critical memory corruption\r\n vulnerability in virtual device hardware. The second is an updated\r\n bzip2 package for the Service Console.\r\n\r\n2. Relevant releases\r\n\r\n VMware Workstation 6.0.5 and earlier,\r\n VMware Workstation 5.5.8 and earlier,\r\n VMware Player 2.0.5 and earlier,\r\n VMware Player 1.0.8 and earlier,\r\n VMware Server 1.0.9 and earlier,\r\n\r\n VMware ESXi 3.5 without patch ESXe350-200811401-O-SG\r\n\r\n VMware ESX 3.5 without patches ESX350-200811406-SG and\r\n ESX350-200811401-SG\r\n\r\n VMware ESX 3.0.3 without patches ESX303-200811404-SG and\r\n ESX303-200811401-BG\r\n\r\n VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982\r\n\r\n NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.\r\n Users should plan to upgrade to ESX 3.0.3 and preferably to\r\n the newest release available.\r\n\r\n3. Problem Description\r\n\r\n a. Critical Memory corruption vulnerability\r\n\r\n A memory corruption condition may occur in the virtual machine\r\n hardware. A malicious request sent from the guest operating\r\n system to the virtual hardware may cause the virtual hardware to\r\n write to uncontrolled physical memory.\r\n\r\n VMware would like to thank Andrew Honig of the Department of\r\n Defense for reporting this issue.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2008-4917 to this issue.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n Workstation 6.5.x any not affected\r\n Workstation 6.0.x any 6.5.0 build 118166 or later\r\n Workstation 5.x any 5.5.9 build 126128 or later\r\n\r\n Player 2.5.x any not affected\r\n Player 2.0.x any 2.5.0 build 118166 or later\r\n Player 1.x any 1.0.9 build 126128 or later\r\n\r\n ACE 2.5.x Windows not affected\r\n ACE 2.0.x Windows 2.5.0 build 118166 or later\r\n ACE 1.x Windows 1.0.8 build 125922 or later\r\n\r\n Server 2.x any not affected\r\n Server 1.x any 1.0.8 build 126538 or later\r\n\r\n Fusion 2.x Mac OS/X not affected\r\n Fusion 1.x Mac OS/X upgrade to Fusion 2.0 or later\r\n\r\n ESXi 3.5 ESXi ESXe350-200811401-O-SG\r\n\r\n ESX 3.5 ESX ESX350-200811401-SG\r\n ESX 3.0.3 ESX ESX303-200811401-BG\r\n ESX 3.0.2 ESX ESX-1006980\r\n ESX 2.5.5 ESX not affected\r\n\r\n b. Updated Service Console package bzip2\r\n\r\n bzip2 versions before 1.0.5 can crash if certain flaws in compressed\r\n data lead to reading beyond the end of a buffer. This might cause\r\n an application linked to the libbz2 library to crash when\r\n decompressing malformed archives.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2008-1372 to this issue.\r\n\r\n The following table lists what action remediates the vulnerability\r\n (column 4) if a solution is available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n VirtualCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n\r\n ESXi 3.5 ESXi not affected\r\n\r\n ESX 3.5 ESX ESX350-200811406-SG\r\n ESX 3.0.3 ESX ESX303-200811404-SG\r\n ESX 3.0.2 ESX ESX-1006982\r\n ESX 2.5.5 ESX affected, patch pending\r\n\r\n * hosted products are VMware Workstation, Player, ACE,\r\n Server, Fusion.\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and version\r\n and verify the md5sum of your downloaded file.\r\n\r\n VMware Workstation 5.5.9\r\n ------------------------\r\n http://www.vmware.com/download/ws/ws5.html\r\n Release notes:\r\n http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\r\n\r\n Windows binary:\r\n md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8\r\n\r\n Compressed Tar archive for 32-bit Linux\r\n md5sum: 9d189e72f8111e44b27f1ee92edf265e\r\n\r\n Linux RPM version for 32-bit Linux\r\n md5sum: 0957c5258d033d0107517df64bfea240\r\n\r\n\r\n VMware Player 1.0.9\r\n -----------------------------\r\n http://www.vmware.com/download/player/\r\n Release notes Player 1.x:\r\n http://www.vmware.com/support/player/doc/releasenotes_player.html\r\n\r\n Windows binary\r\n md5sum: e2c8dd7b27df7d348f14f69de017b93f\r\n\r\n Player 1.0.9 for Linux (.rpm)\r\n md5sum: 471c3881fa60b058b1dac1d3c9c32c85\r\n\r\n Player 1.0.9 for Linux (.tar)\r\n md5sum: bef507811698e7333f5e8cb672530dbf\r\n\r\n\r\n VMware Server 1.0.8\r\n -------------------\r\n http://www.vmware.com/download/server/\r\n Release notes:\r\n http://www.vmware.com/support/server/doc/releasenotes_server.html\r\n\r\n VMware Server for Windows 32-bit and 64-bit\r\n md5sum: 4ba41e5fa192f786121a7395ebaa8d7c\r\n\r\n VMware Server Windows client package\r\n md5sum: f25746e275ca00f28d44ad372fc92536\r\n\r\n VMware Server for Linux\r\n md5sum: a476d3953ab1ff8457735e692fa5edf9\r\n\r\n VMware Server for Linux rpm\r\n md5sum: af6890506618fa82928fbfba8a5f97e1\r\n\r\n Management Interface\r\n md5sum: 5982b84a39479cabce63e12ab664d369\r\n\r\n VMware Server Linux client package\r\n md5sum: 605d7db48f63211cc3f5ddb2b3f915a6\r\n\r\n\r\n ESXi\r\n ----\r\n ESXi 3.5 patch ESXe350-200811401-O-SG\r\n http://download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip\r\n md5sum: e895c8cb0d32b722d7820d0214416092\r\n http://kb.vmware.com/kb/1007507\r\n\r\n NOTE: The three ESXi patches for Firmware "I", VMware Tools "T," and\r\n the VI Client "C" are contained in a single offline "O"\r\n download file.\r\n\r\n ESX\r\n ---\r\n ESX 3.5 patch ESX350-200811401-SG (memory corruption)\r\n http://download3.vmware.com/software/vi/ESX350-200811401-SG.zip\r\n md5sum: 988042ce20ce2381216fbe1862c3e66d\r\n http://kb.vmware.com/kb/1007501\r\n\r\n ESX 3.5 patch ESX350-200811406-SG (bzip2)\r\n http://download3.vmware.com/software/vi/ESX350-200811406-SG.zip\r\n md5sum: 285ec405ac34a196cbb796922e22cca2\r\n http://kb.vmware.com/kb/1007504\r\n\r\n ESX 3.0.3 patch ESX303-200811401-BG (memory corruption)\r\n http://download3.vmware.com/software/vi/ESX303-200811401-BG.zip\r\n md5sum: 26bf687a3483951d1f14ab66edf1d196\r\n http://kb.vmware.com/kb/1006986\r\n\r\n ESX 3.0.3 patch ESX303-200811404-SG (bzip2)\r\n http://download3.vmware.com/software/vi/ESX303-200811404-SG.zip\r\n md5sum: 2707e4a599867b0444e85a75a471ed4f\r\n http://kb.vmware.com/kb/1007198\r\n\r\n ESX 3.0.2 patch ESX-1006980 (memory corruption)\r\n http://download3.vmware.com/software/vi/ESX-1006980.tgz\r\n md5sum: 5e73f1585fea3ee770b2df2b94e73ca4\r\n http://kb.vmware.com/kb/1006980\r\n\r\n ESX 3.0.2 patch ESX-1006982 (bzip2)\r\n http://download3.vmware.com/software/vi/ESX-1006982.tgz\r\n md5sum: 4921cf542b5979bd0eef7f2c15683b71\r\n http://kb.vmware.com/kb/1006982\r\n\r\n5. References\r\n\r\n CVE numbers\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4917\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372\r\n\r\n- -------------------------------------------------------------------------\r\n6. Change log\r\n\r\n2008-12-02 VMSA-2008-0019\r\nInitial security advisory after release of patches for ESXi, ESX 3.5,\r\nESX 3.0.3, ESX 3.0.2. Updated hosted products were previously released\r\non 2008-11-06.\r\n\r\n- ------------------------------------------------------------------------\r\n7. Contact\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\nE-mail: security at vmware.com\r\nPGP key at: http://kb.vmware.com/kb/1055\r\n\r\nVMware Security Center\r\nhttp://www.vmware.com/security\r\n\r\nVMware security response policy\r\nhttp://www.vmware.com/support/policies/security_response.html\r\n\r\nGeneral support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2008 VMware Inc. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.5 (MingW32)\r\n\r\niD8DBQFJNhfuS2KysvBH1xkRAt0NAJ0ap7HIEzEsxWxxeJbni4I5SaBeLACfdKSt\r\nA0VgCubYwg7psnfOUEHM9+o=\r\n=mieL\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2008-12-04T00:00:00", "title": "VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:28", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1372", "CVE-2008-4917"], "modified": "2008-12-04T00:00:00", "id": "SECURITYVULNS:DOC:20947", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20947", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:28", "references": ["https://vulners.com/securityvulns/securityvulns:doc:19477", "https://vulners.com/securityvulns/securityvulns:doc:21544", "https://vulners.com/securityvulns/securityvulns:doc:19478"], "description": "No description provided", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-03-30T00:00:00", "title": "unzip / bzip2 DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:28", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "bzip2", "version": "1.0", "operator": "eq"}, {"name": "analog", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2008-1372", "CVE-2008-0888"], "modified": "2009-03-30T00:00:00", "id": "SECURITYVULNS:VULN:8822", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8822", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "references": [], "description": "About the security content of Security Update 2009-003 / Mac OS X v10.5.8\r\n\r\n * Last Modified: August 05, 2009\r\n * Article: HT3757\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2009-003 / Mac OS X v10.5.8, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security\r\nSecurity Update 2009-003 / Mac OS X v10.5.8\r\n\r\n *\r\n\r\n bzip2\r\n\r\n CVE-ID: CVE-2008-1372\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Decompressing maliciously crafted data may lead to an unexpected application termination\r\n\r\n Description: An out-of-bounds memory access exists in bzip2. Opening a maliciously crafted compressed file may lead to an unexpected application termination. This update addresses the issue by updating bzip2 to version 1.0.5. Further information is available via the bzip2 web site at http://bzip.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-1723\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A maliciously crafted website may control the displayed website URL in a certificate warning\r\n\r\n Description: When Safari reaches a website via a 302 redirection and a certificate warning is displayed, the warning will contain the original website URL instead of the current website URL. This may allow a maliciously crafted website that is reached via an open redirector on a user-trusted website to control the displayed website URL in a certificate warning. This issue was addressed by returning the correct URL in the underlying CFNetwork layer. This issue does not affect systems prior to Mac OS X v10.5. Credit to Kevin Day of Your.Org, and Jason Mueller of Indiana University for reporting this issue.\r\n\r\n *\r\n\r\n ColorSync\r\n\r\n CVE-ID: CVE-2009-1726\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ColorSync profiles. Credit to Chris Evans of the Google Security Team for reporting this issue.\r\n\r\n *\r\n\r\n CoreTypes\r\n\r\n CVE-ID: CVE-2009-1727\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Users are not warned before opening certain potentially unsafe content types\r\n\r\n Description: This update extends the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious JavaScript payload. This update improves the system's ability to notify users before handling content types used by Safari. Credit to Brian Mastenbrook, and Clint Ruoho of Laconic Security for reporting this issue.\r\n\r\n *\r\n\r\n Dock\r\n\r\n CVE-ID: CVE-2009-0151\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A person with physical access to a locked system may use four-finger Multi-Touch gestures\r\n\r\n Description: The screen saver does not block four-finger Multi-Touch gestures, which may allow a person with physical access to a locked system to manage applications or use Expose. This update addresses the issue by properly blocking Multi-Touch gestures when the screen saver is running. This issue only affects systems with a Multi-Touch trackpad.\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2009-1728\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted Canon RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4 systems, this issue is already addressed with Digital Camera RAW Compatibility Update 2.6. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1722\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by updating OpenEXR to version 1.6.1. Credit to Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1721\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper memory initialization and additional validation of OpenEXR images. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1720\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple integer overflows exist in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-2188\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in ImageIO's handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized pointer issue exists in the handling of PNG images. Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PNG images. Credit to Tavis Ormandy of the Google Security Team for reporting this issue.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2009-1235\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An implementation issue exists in the kernel's handling of fcntl system calls. A local user may overwrite kernel memory and execute arbitrary code with system privileges. This update addresses the issue through improved handling of fcntl system calls. Credit to Razvan Musaloiu-E. of Johns Hopkins University, HiNRG for reporting this issue.\r\n\r\n *\r\n\r\n launchd\r\n\r\n CVE-ID: CVE-2009-2190\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Opening many connections to an inetd-based launchd service may lead to a denial of service\r\n\r\n Description: Opening many connections to an inetd-based launchd service may cause launchd to stop servicing incoming connections to that service until the next system restart. This update addresses the issue through improved error handling.\r\n\r\n *\r\n\r\n Login Window\r\n\r\n CVE-ID: CVE-2009-2191\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A format string issue in Login Window may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A format string issue in Login Window's handling of application names may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of application names. Credit to Alfredo Pesoli of 0xcafebabe.it for reporting this issue.\r\n\r\n *\r\n\r\n MobileMe\r\n\r\n CVE-ID: CVE-2009-2192\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Signing out of MobileMe does not remove all credentials\r\n\r\n Description: A logic issue exists in the MobileMe preference pane. Signing out of the preference pane does not delete all credentials. A person with access to the local user account may continue to access any other system associated with the MobileMe account which had previously been signed in for that local account. This update addresses the issue by deleting all the credentials on sign out.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2009-2193\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Receiving a maliciously crafted AppleTalk response packet may lead to arbitrary code execution with system privileges or an unexpected system shutdown\r\n\r\n Description: A buffer overflow exists in the kernel's handling of AppleTalk response packets. Receiving a maliciously crafted AppleTalk response packet may lead to arbitrary code execution with system privileges or an unexpected system shutdown. This update addresses the issue through improved validation of AppleTalk response packets. Credit to Ilja van Sprundel from IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2009-2194\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A synchronization issue exists in the handling of file descriptor sharing over local sockets. By sending messages containing file descriptors to a socket with no receiver, a local user may cause an unexpected system shutdown. This update addresses the issue through improved handling of file descriptor sharing. Credit to Bennet Yee of Google Inc. for reporting this issue.\r\n\r\n *\r\n\r\n XQuery\r\n\r\n CVE-ID: CVE-2008-0674\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Processing maliciously crafted XML content may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in the handling of character classes in regular expressions in the Perl Compatible Regular Expressions (PCRE) library used by XQuery. This may allow a remote attacker to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. This update addresses the issue by updating PCRE to version 7.6.\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2009-08-07T00:00:00", "title": "About the security content of Security Update 2009-003 / Mac OS X v10.5.8", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:31", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-2192", "CVE-2008-1372", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "modified": "2009-08-07T00:00:00", "id": "SECURITYVULNS:DOC:22251", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22251", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:41", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "2.5.5 Upgrade Patch 11", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "1.0.9 build 126128", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Player", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX303-200811404-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "1.0.8 build 126538", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Server", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "1.0.8 build 125922", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ACE", "operator": "lt"}, {"OS": "Mac OS", "OSVersion": "any", "packageVersion": "2.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Fusion", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX-1006982", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "6.5.0 build 118166", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Workstation", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-200811401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX303-200811401-BG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "2.5.0 build 118166", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ACE", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX-1006980", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-200811406-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESX350-200811401-O-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "2.5.0 build 118166", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Player", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "5.5.9 build 126128", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Workstation", "operator": "lt"}], "description": "a. Critical Memory corruption vulnerability \n \nA memory corruption condition may occur in the virtual machine \nhardware. A malicious request sent from the guest operating \nsystem to the virtual hardware may cause the virtual hardware to \nwrite to uncontrolled physical memory. \nVMware would like to thank Andrew Honig of the Department of \nDefense for reporting this issue. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2008-4917 to this issue. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2008-12-02T00:00:00", "title": "VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-1372", "CVE-2008-4917"], "modified": "2008-12-02T00:00:00", "id": "VMSA-2008-0019", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0019.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:41:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "Bugraq ID: 35954\r\nCVE ID\uff1aCVE-2009-1723\r\nCVE-2009-1726\r\nCVE-2009-1727\r\nCVE-2009-0151\r\nCVE-2009-1728\r\nCVE-2009-2188\r\nCVE-2009-2190\r\nCVE-2009-2191\r\nCVE-2009-2192\r\nCVE-2009-2193\r\nCVE-2009-2194\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n\r\nApple Mac OS X\u662f\u4e00\u6b3e\u57fa\u4e8eBSD\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nApple Mac OS X\u5b89\u5168\u5347\u7ea72009-003\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\nCVE-ID: CVE-2008-1372\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\n \r\nbzip2\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u53d1\u90a3\u4e2a\u543b\u95ee\u9898\uff0c\u6784\u5efa\u6076\u610f\u7684\u538b\u7f29\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1723\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\n \r\n\u5f53Safari\u8bbf\u95ee\u5230\u901a\u8fc7302\u91cd\u5b9a\u5411\u7684WEB\u7ad9\u70b9\u65f6\uff0c\u4f1a\u63d0\u793a\u8bc1\u4e66\u8b66\u544a\uff0c\u6b64\u8b66\u544a\u4f1a\u5305\u542b\u539f\u59cbWEB\u7ad9\u70b9URL\u6765\u4ee3\u66ff\u5f53\u524dWEB\u7ad9\u70b9URL\uff0c\u8fd9\u5141\u8bb8\u6076\u610f\u6784\u5efa\u7684WEB\u7ad9\u70b9\u53ef\u63a7\u5236\u663e\u793a\u5728\u8bc1\u4e66\u8b66\u544a\u4e2d\u7684WEB\u7ad9\u70b9URL\uff0c\u5bfc\u81f4\u7528\u6237\u76f2\u76ee\u4fe1\u4efb\u3002\r\nCVE-ID: CVE-2009-1726\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\n \r\n\u6253\u5f00\u4e00\u4e2a\u7279\u6b8a\u6784\u5efa\u7684\u4f7f\u7528\u5d4c\u5165\u5f0fColorSync\u914d\u7f6e\u6587\u4ef6\u7684\u56fe\u50cf\u65f6\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1727\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\n \r\n\u6253\u5f00\u90e8\u5206\u4e0d\u5b89\u5168\u5185\u5bb9\u7c7b\u578b\u65f6\u6ca1\u6709\u5bf9\u7528\u6237\u63d0\u793a\u8b66\u544a\uff0c\u53ef\u5bfc\u81f4\u6076\u610f\u811a\u672c\u4ee3\u7801\u8d1f\u8f7d\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0151\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\n \r\n\u5c4f\u5e55\u4fdd\u62a4\u6ca1\u6709\u6b63\u786e\u963b\u65adfour-finger Multi-Touch gestures\u591a\u70b9\u89e6\u63a7\uff0c\u5141\u8bb8\u7269\u7406\u8bbf\u95ee\u7684\u7528\u6237\u53ef\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\r\nCVE-ID: CVE-2009-1728\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\n \r\n\u5904\u7406Canon RAW\u56fe\u50cf\u5b58\u5728\u591a\u4e2a\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1722\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1721\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u5185\u5b58\u8bbf\u95ee\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\r\n\u3002\r\nCVE-ID: CVE-2009-1720\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2188\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\n \r\nImageIO\u5904\u7406EXIF\u5143\u6570\u636e\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0040\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\n \r\n\u5904\u7406PNG\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u6307\u9488\u95ee\u9898\uff0c\u6784\u5efa\u7279\u6b8a\u7684PNG\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-1235\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\n \r\n\u5185\u6838fcntl\u7cfb\u7edf\u8c03\u7528\u5904\u7406\u5b58\u5728\u5b9e\u73b0\u9519\u8bef\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u8986\u76d6\u5185\u6838\u5185\u5b58\u4ee5\u7cfb\u7edf\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-ID: CVE-2009-2190\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\n \r\n\u5bf9\u57fa\u4e8einetd\u7684launchd\u670d\u52a1\u6253\u5f00\u591a\u4e2a\u8fde\u63a5\uff0c\u53ef\u5bfc\u81f4launchd\u505c\u6b62\u5bf9\u5916\u8fde\u63a5\u7684\u54cd\u5e94\u3002\r\nCVE-ID: CVE-2009-2191\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\n \r\n\u767b\u5f55\u7a97\u53e3\u5904\u7406\u5e94\u7528\u7a0b\u5e8f\u540d\u5b58\u5728\u683c\u5f0f\u4e32\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2192\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\n \r\nMobileMe\u5b58\u5728\u4e00\u4e2a\u903b\u8f91\u9519\u8bef\uff0c\u5728\u9000\u51fa\u65f6\u6ca1\u6709\u5220\u9664\u6240\u6709\u51ed\u636e\uff0c\u672c\u5730\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u5176\u4ed6MobileMe\u5e10\u6237\u76f8\u5173\u8d44\u6e90\u3002\r\nCVE-ID: CVE-2009-2193\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\n \r\n\u5185\u6838\u5904\u7406 AppleTalk\u5e94\u7b54\u62a5\u6587\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\nCVE-ID: CVE-2009-2194\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n \r\n\u5904\u7406\u901a\u8fc7\u672c\u5730\u5957\u63a5\u5b57\u5171\u4eab\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\u5b58\u5728\u540c\u6b65\u95ee\u9898\uff0c\u901a\u8fc7\u53d1\u9001\u5305\u542b\u6587\u4ef6\u63cf\u8ff0\u7b26\u7684\u6d88\u606f\u7ed9\u6ca1\u6709\u63a5\u6536\u8005\u7684\u5957\u63a5\u5b57\uff0c\u672c\u5730\u7528\u6237\u53ef\u5bfc\u81f4\u7cfb\u7edf\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2008-0674\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20080674\r\n \r\nXQuery\u4f7f\u7528\u7684PCRE\u5e93\u5904\u7406\u89c4\u5219\u8868\u8fbe\u5f0f\u4e2d\u7684\u5b57\u7b26\u7c7b\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6784\u5efa\u6076\u610f\u7684XML\u5185\u5bb9\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u53ef\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002\n\nApple Mac OS X Server 10.5.7\r\nApple Mac OS X Server 10.5.6\r\nApple Mac OS X Server 10.5.5\r\nApple Mac OS X Server 10.5.4\r\nApple Mac OS X Server 10.5.3\r\nApple Mac OS X Server 10.5.2\r\nApple Mac OS X Server 10.5.1\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.10\r\nApple Mac OS X Server 10.4.9\r\nApple Mac OS X Server 10.4.8\r\nApple Mac OS X Server 10.4.7\r\nApple Mac OS X Server 10.4.6\r\nApple Mac OS X Server 10.4.5\r\nApple Mac OS X Server 10.4.4\r\nApple Mac OS X Server 10.4.3\r\nApple Mac OS X Server 10.4.2\r\nApple Mac OS X Server 10.4.1\r\nApple Mac OS X Server 10.4\r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.7\r\nApple Mac OS X 10.5.6\r\nApple Mac OS X 10.5.5\r\nApple Mac OS X 10.5.4\r\nApple Mac OS X 10.5.3\r\nApple Mac OS X 10.5.2\r\nApple Mac OS X 10.5.1\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.10\r\nApple Mac OS X 10.4.9\r\nApple Mac OS X 10.4.8\r\nApple Mac OS X 10.4.7\r\nApple Mac OS X 10.4.6\r\nApple Mac OS X 10.4.5\r\nApple Mac OS X 10.4.4\r\nApple Mac OS X 10.4.3\r\nApple Mac OS X 10.4.2\r\nApple Mac OS X 10.4.1\r\nApple Mac OS X 10.4\r\nApple Mac OS X 10.5\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u5347\u7ea7\u8865\u4e01\uff1a\r\nApple Mac OS X Server 10.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.4.11\r\nApple SecUpdSrvr2009-003PPC.dmg\r\nPowerPC\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpdSrvr2009-003Univ.dmg\r\nUniversal\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.4.11\r\nApple SecUpd2009-003Intel.dmg\r\nIntel\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpd2009-003PPC.dmg\r\nPPC\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.1\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.1\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.2\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.2\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.3\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.3\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.4\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.4\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.6\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.6\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.7\r\nApple MacOSXServerUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.7\r\nApple MacOSXUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/", "reporter": "Root", "published": "2009-08-06T00:00:00", "title": "Apple Mac OS X 2009-003\u4fee\u8865\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235", "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726", "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191", "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-08-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11998", "id": "SSV:11998", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}]}
