Debian: DSA-2112-1: New bzip2 packages fix integer overflow

    Date20 Sep 2010
    CategoryDebian
    43
    Posted ByLinuxSecurity Advisories
    Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service (application crash) or potentially to execute arbitrary code. (CVE-2010-0405)
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2112-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Stefan Fritsch
    September 20, 2010                    http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : bzip2
    Vulnerability  : integer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0405
    
    Mikolaj Izdebski has discovered an integer overflow flaw in the 
    BZ2_decompress function in bzip2/libbz2. An attacker could use a 
    crafted bz2 file to cause a denial of service (application crash)
    or potentially to execute arbitrary code. (CVE-2010-0405)
    
    After the upgrade, all running services that use libbz2 need to be
    restarted.
    
    This update also provides rebuilt dpkg packages, which are statically
    linked to the fixed version of libbz2. Updated packages for clamav,
    which is also affected by this issue, will be provided on debian-volatile.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 1.0.4-1+lenny1.
    
    For the testing distribution (squeeze) and the unstable distribution (sid),
    this problem in bzip2 will be fixed soon. Updated dpkg packages are not
    necessary for testing/unstable.
    
    
    We recommend that you upgrade your bzip2 / dpkg packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    After having upgraded the package, you need to restart all processes using
    libbz2. The script checkrestart from the debian-goodies package or lsof
    may help to find out which processes are still using the old libbz2.
    
    Debian GNU/Linux 5.0 alias lenny (stable)
    - -----------------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1.diff.gz
        Size/MD5 checksum:    74478 9ec5bb67e5f6c99b5b6f352912b3e579
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1.dsc
        Size/MD5 checksum:     1268 49148e873a1a034bcf7b3f1ab0270d3c
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5.orig.tar.gz
        Size/MD5 checksum:   841402 3c15a0c8d1d3ee1c46a1634d00617b1a
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2-doc_1.0.5-1+lenny1_all.deb
        Size/MD5 checksum:   328678 2eb7e29774ee00081f4d7610a8304484
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_alpha.deb
        Size/MD5 checksum:    49094 e9ae3d734f06e81953515f60fba0ce8a
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_alpha.deb
        Size/MD5 checksum:    51538 deeb65ca6c5d16eae0f25057671a54dc
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_alpha.deb
        Size/MD5 checksum:   814294 9b64639e393ffde20280d6a48c7dba08
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_alpha.deb
        Size/MD5 checksum:    41098 3913d07da04ab37e6561f5746024348e
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_alpha.deb
        Size/MD5 checksum:  2446208 d1cab263f3346ff47604c4aac1f5d59c
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_amd64.deb
        Size/MD5 checksum:    32890 d2c70ba262935a61a4c5951fd40a3c15
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_amd64.deb
        Size/MD5 checksum:    47224 66fd25864d902b9d6bb8af141b19548d
      http://security.debian.org/pool/updates/main/b/bzip2/lib32bz2-dev_1.0.5-1+lenny1_amd64.deb
        Size/MD5 checksum:    29840 0c520207f7e657b6574cf4309f804863
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_amd64.deb
        Size/MD5 checksum:  2400424 210a4a2ca529b99ab5e131158c402120
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_amd64.deb
        Size/MD5 checksum:   800290 9c350b1aa1bcafd18ad649b30ef8104f
      http://security.debian.org/pool/updates/main/b/bzip2/lib32bz2-1.0_1.0.5-1+lenny1_amd64.deb
        Size/MD5 checksum:    39346 0439e6a1dd28630012e5591d52ab4e1c
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_amd64.deb
        Size/MD5 checksum:    44760 7eea90824b2614bb7764e416bbc3d1d4
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_arm.deb
        Size/MD5 checksum:   798732 7309855fb75617b3130053b3273a1f8d
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_arm.deb
        Size/MD5 checksum:    47126 7b0a40f9e501ee56b456f55834ae9f97
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_arm.deb
        Size/MD5 checksum:  2364968 4178b286863ce2fdc493a6a08f38ed0a
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_arm.deb
        Size/MD5 checksum:    37210 5d5cce29422604e1545810736f44a813
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_arm.deb
        Size/MD5 checksum:    49306 5f857695483d509b4cd6c4fe0fdc14c9
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_armel.deb
        Size/MD5 checksum:    35564 151e6c92ab7ad53b1aef2fc4a9245bf9
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_armel.deb
        Size/MD5 checksum:    49468 37b66c58308384f26b1cf87e2e2606fa
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_armel.deb
        Size/MD5 checksum:    47950 2f74c036772104f65c0e797ed8172a97
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_armel.deb
        Size/MD5 checksum:  2360910 5dbe217dc3632301839cc8be5bed3c2f
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_armel.deb
        Size/MD5 checksum:   796054 cc19f0a01b88de281a9ca5454d4a754b
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_hppa.deb
        Size/MD5 checksum:    48862 99d2593276f9eb01a88598896e839f2e
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_hppa.deb
        Size/MD5 checksum:    46204 195d02c8e354cf9bee097d067f46a4d9
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_hppa.deb
        Size/MD5 checksum:  2413382 9e8ea016eee008676a4cf53097fac370
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_hppa.deb
        Size/MD5 checksum:   811616 c5e9d3f53ccaaea8bc3efa18ae99ff96
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_hppa.deb
        Size/MD5 checksum:    34344 43f1ae1876c155b2a41fc70e6eb7641d
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_i386.deb
        Size/MD5 checksum:    30602 a2040e027027c149969c2ab768f6f876
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_i386.deb
        Size/MD5 checksum:  2354846 b7499108e6cf6d2a22397751a6dc755c
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_i386.deb
        Size/MD5 checksum:    39186 f41c42d825b96635b13821486ea3b102
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_i386.deb
        Size/MD5 checksum:    31864 cbdbbdc542154f8e1409d3be3709fef1
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_i386.deb
        Size/MD5 checksum:   798254 fb4ad78b55a6b49b96ea1d11379d478c
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_i386.deb
        Size/MD5 checksum:    46028 d0447893fc59117c5d9890dcabaa1af8
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_i386.deb
        Size/MD5 checksum:    45002 4868e2b861a3892cb643304da3190973
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_ia64.deb
        Size/MD5 checksum:    55428 865a5ae63899961560e57641c7ae02bc
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_ia64.deb
        Size/MD5 checksum:    60992 6323ccf3e62a27c73df4b95661829e76
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_ia64.deb
        Size/MD5 checksum:  2606750 4e2900ae1c5eb95173d30a3d9ae42c7d
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_ia64.deb
        Size/MD5 checksum:    50216 cbb265211d45c68be3b641e5bce63af4
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_ia64.deb
        Size/MD5 checksum:   844082 483bfba5089a50f97e3f5e9321295340
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_mips.deb
        Size/MD5 checksum:   810012 bb5316f1da4ef5f47415eefcc858f12f
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_mips.deb
        Size/MD5 checksum:  2407294 4077524c950efa25aa61c847ce143e31
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_mips.deb
        Size/MD5 checksum:    36248 838bd54d3f465563505424e90bfea7bf
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_mips.deb
        Size/MD5 checksum:    48258 f46895c762f7a93daa7b98099f5b4c30
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_mips.deb
        Size/MD5 checksum:    46698 c05038ff9d9769501036dd84b95522f3
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_mipsel.deb
        Size/MD5 checksum:    46852 f66389169e23ed4d0096a6e7e73c6ddf
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_mipsel.deb
        Size/MD5 checksum:  2404626 4783ca538db34a536ef1db2412b47a90
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_mipsel.deb
        Size/MD5 checksum:    47786 7410ad390d009220853ff00d64f0bc83
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_mipsel.deb
        Size/MD5 checksum:    36478 203963f8890c0234ee58b52c5af5d6e9
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_mipsel.deb
        Size/MD5 checksum:   809502 d73e1ba5574c7f8721e6bf294a119fb2
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_powerpc.deb
        Size/MD5 checksum:    36046 574333f9a2931436c6874f0cb0190f8f
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_powerpc.deb
        Size/MD5 checksum:  2397630 3e8bea89624de04701532467455d641c
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_powerpc.deb
        Size/MD5 checksum:    51184 b0aa8b37297e06929b233d0c9ffca323
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_powerpc.deb
        Size/MD5 checksum:    44684 3a61f2f1a62357631cf106e93ce3483c
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_powerpc.deb
        Size/MD5 checksum:    36188 46e81dff7739bf721a550d9133c2de39
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_powerpc.deb
        Size/MD5 checksum:   812382 62ae73c4487c8e0df9fd3068c7d80de3
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_powerpc.deb
        Size/MD5 checksum:    50172 b3d3ae2f05bdd93bf53e5b0850735489
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_s390.deb
        Size/MD5 checksum:    35404 04fb2fe8b357930ab6cb38f51cabfd0f
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_s390.deb
        Size/MD5 checksum:  2409644 eba0c0416fe5ddda3e03cfe0c5c2d72b
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_s390.deb
        Size/MD5 checksum:    48172 08a50f7e58888d590e51fdf71e6c040c
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_s390.deb
        Size/MD5 checksum:    48648 03d396df1463edff019cf5c2bf7d4c2b
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_s390.deb
        Size/MD5 checksum:    35620 f72dd31f28792e390cfd1e82d8f7802c
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_s390.deb
        Size/MD5 checksum:   800532 bfe7c38d2a0b2e77d0c53d26d3057587
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_s390.deb
        Size/MD5 checksum:    43594 f15ec4139196e3daf36a1df94beb6311
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_sparc.deb
        Size/MD5 checksum:    45034 f47d8f6e63e19e706b1983651764f7bf
      http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_sparc.deb
        Size/MD5 checksum:    47902 c5dc170438180221e2fd384f940332bb
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_sparc.deb
        Size/MD5 checksum:    42218 3608ea1892886904ae349ad405ad41de
      http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_sparc.deb
        Size/MD5 checksum:    33776 8a426afb10a509a6b8990d02ae9e70c9
      http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_sparc.deb
        Size/MD5 checksum:    32878 ad44388e0626512710191b1c4b63a88b
      http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_sparc.deb
        Size/MD5 checksum:   797888 19c252a229cdb522235ee512d1a8efea
      http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_sparc.deb
        Size/MD5 checksum:  2358062 f802b16a2d0425c1fee4d1ff9b0bc013
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50.65,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"27","type":"x","order":"3","pct":35.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.