Solution
Please Install the Updated Packages.
Insight
Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.
Affected
bzip2 on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, Red Hat Enterprise Linux ES version 2.1,
Red Hat Enterprise Linux WS version 2.1,
Red Hat Enterprise Linux AS version 3,
Red Hat Enterprise Linux ES version 3,
Red Hat Enterprise Linux WS version 3,
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4,
Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1372 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities