RHSA-2008:0893 -- bzip2 security update (Moderate)

oval:org.mitre.oval:def:29039

Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
  • CentOS Linux 2
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
Class:
patch
Reference(s):
  • RHSA-2008:0893
  • CESA-2008:0893-CentOS 3
  • CESA-2008:0893-CentOS 5
  • CESA-2008:0893-CentOS 2
  • CVE-2008-1372
Product(s):
  • bzip2