Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 476
Alerts This Week
Warning Icon 1 476

Fedora 24: FEDORA-2016-fd44637912 Critical Bzip2 Heap Use After Free

fedora
Calendar Grey January 4, 2017
Dist Fedora Esm H88
Important patch released for zlib fixing a heap overflow vulnerability, accessible through apt on Ubuntu 20.04.
CVE-2016-3189 bzip2: heap use after free in bzip2recover

Summary

Bzip2 is a freely available, patent-free, high quality data compressor.

Bzip2 compresses files to within 10 to 15 percent of the capabilities

of the best techniques available. However, bzip2 has the added benefit

of being approximately two times faster at compression and six times

faster at decompression than those techniques. Bzip2 is not the

fastest compression utility, but it does strike a balance between speed

and compression capability.

Install bzip2 if you need a compression utility.

Update Information:

CVE-2016-3189 bzip2: heap use after free in bzip2recover

Change Log

References


[ 1 ] Bug #1348179 - CVE-2016-3189 bzip2: heap use after free in bzip2recover [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348179

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade bzip2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bzip2
Product: Fedora 24
Version: 1.0.6
Release: 21.fc24
Summary: A file compression utility

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.