[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] rPSA-2010-0058-1 bzip2 bzip2-extras

To: product-announce@xxxxxxxxxxxxxxx, security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx
Subject: [Full-disclosure] rPSA-2010-0058-1 bzip2 bzip2-extras
From: rPath Update Announcements <announce-noreply@xxxxxxxxx>
Date: Sun, 17 Oct 2010 10:28:53 -0400

rPath Security Advisory: 2010-0058-1
Published: 2010-10-17
Products:
    rPath Appliance Platform Linux Service 2
    rPath Linux 2

Rating: Informational
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    bzip2=conary.rpath.com@rpl:2/1.0.6-0.1-1
    bzip2-extras=conary.rpath.com@rpl:2/1.0.6-0.1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-3241

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405

Description:
    Previous releases of bzip2 were vulnerable to an integer overflow
    in the BZ2_decompress function, which could allow arbitrary
    code execution via a crafted bzipped file.  This has been fixed.

http://wiki.rpath.com/Advisories:rPSA-2010-0058

Copyright 2010 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
Next by Date: [Full-disclosure] rPSA-2010-0059-1 kernel
Previous by thread: Re: [Full-disclosure] xss in blackboard 8
Next by thread: [Full-disclosure] rPSA-2010-0059-1 kernel
Index(es):
- Date
- Thread