Debian 5.0 Lenny: DSA-2112-1 High: Bzip2 Integer Overflow Risk
debian
September 20, 2010
Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2
Topics Covered
Summary
After the upgrade, all running services that use libbz2 need to be
restarted.
This update also provides rebuilt dpkg packages, which are statically
linked to the fixed version of libbz2. Updated packages for clamav,
which is also affected by this issue, will be provided on debian-volatile.
For the stable distribution (lenny), these problems have been fixed in
version 1.0.4-1+lenny1.
For the testing distribution (squeeze) and the unstable distribution (sid),
this problem in bzip2 will be fixed soon. Updated dpkg packages are not
necessary for testing/unstable.
We recommend that you upgrade your bzip2 / dpkg packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding t...
PREVIOUS
NEXT
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!