SciLinux: CVE-2010-0405 Important Bzip2 Integer Overflow Update

Mar 03, 2011 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory update important integer overflow bzip2 scientific linux

Important: bzip2 security update

Date: Thu, 3 Mar 2011 15:21:52 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA Important: bzip2 on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

Synopsis:	Important: bzip2 security update
Issue date:	2010-11-10
CVE Names:	CVE-2010-0405

An integer overflow flaw was discovered in the bzip2 decompression
routine. This issue could, when decompressing malformed archives, cause
bzip2, or an application linked against the libbz2 library, to crash or,
potentially, execute arbitrary code. (CVE-2010-0405)

All running applications using the libbz2 library must be restarted for
the update to take effect.

SL 6.x

 SRPMS:
bzip2-1.0.5-7.el6_0.src.rpm
 i386:
bzip2-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm
 x86_64:
bzip2-1.0.5-7.el6_0.x86_64.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.x86_64.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here