Rapid7 Vulnerability & Exploit Database

RHSA-2010:0703: bzip2 security update

Severity: 5
CVSS: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published: 09/28/2010
Created: 07/25/2018
Added: 09/30/2010
Modified: 07/04/2017

Description

bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs.

An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405)

Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the libbz2 library must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-bzip2
  • redhat-upgrade-bzip2-devel
  • redhat-upgrade-bzip2-libs
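
The description notes that running applications must be restarted before the updated libbz2 takes effect. The script below is an added example, not part of the advisory: it lists processes that still map the replaced library by reading /proc/<pid>/maps. The function names and the sample map lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update libbz2 after the packages have been upgraded.

# Read /proc/<pid>/maps-format text on stdin and print each libbz2 path whose
# backing file was replaced on disk (the kernel appends "(deleted)").
stale_bz2_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/libbz2\.so/ { print $(NF-1) }' | sort -u
}

# Walk every process and print "pid<TAB>command<TAB>stale library path".
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        # Processes may exit or be unreadable mid-scan; cat errors are ignored.
        hit=$(cat "$maps" 2>/dev/null | stale_bz2_maps)
        [ -n "$hit" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        printf '%s\t%s\t%s\n' "$pid" "$(ps -o comm= -p "$pid" 2>/dev/null)" "$hit"
    done
}

# Constructed sample: a process started before the update (old inode unlinked).
sample_stale() {
    cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 131 /usr/bin/exampled
7f10a0000000-7f10a000f000 r-xp 00000000 fd:00 393245 /lib64/libbz2.so.1.0.4 (deleted)
7f10a020e000-7f10a0210000 rw-p 0000e000 fd:00 393245 /lib64/libbz2.so.1.0.4 (deleted)
7f10a0400000-7f10a0415000 r-xp 00000000 fd:00 393301 /lib64/libz.so.1.2.3 (deleted)
EOF
}

# Constructed sample: a process restarted after the update (file still on disk).
sample_current() {
    cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 131 /usr/bin/exampled
7f10a0000000-7f10a000f000 r-xp 00000000 fd:00 401122 /lib64/libbz2.so.1.0.4
EOF
}

# Run the live scan only when asked: sh script.sh scan
if [ "${1:-}" = "scan" ]; then scan_procs; fi
```

Run it as root so that the maps of every process are readable; any process it lists is still executing the old library code and needs a restart.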
