BugTraq
[ MDVSA-2010:185 ] bzip2 Sep 20 2010 06:10PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:185
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bzip2
Date : September 20, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

An integer overflow has been found and corrected in bzip2. It could
be exploited with a specially crafted bz2 file to cause a denial of
service (CVE-2010-0405).

Additionally, clamav has been upgraded to 0.96.2 and has been patched
for this issue. perl-Compress-Bzip2 in MES5 has been linked against
the system bzip2 library to resolve this issue.

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
208f420c851e7a862cbc49048df3460d 2008.0/i586/bzip2-1.0.4-2.2mdv2008.0.i586.rpm
d5c478b39b0a06aaad6b77558be03da6 2008.0/i586/clamav-0.96.2-0.1mdv2008.0.i586.rpm
54201efe88ab1f5064b7efbbd7e65708 2008.0/i586/clamav-db-0.96.2-0.1mdv2008.0.i586.rpm
042e719c811b237046c99a06d98e4607 2008.0/i586/clamav-milter-0.96.2-0.1mdv2008.0.i586.rpm
4105a40a7442d1f93d43b9379eafdc58 2008.0/i586/clamd-0.96.2-0.1mdv2008.0.i586.rpm
cbd8dbd04e5c2d64be079454df287f4c 2008.0/i586/libbzip2_1-1.0.4-2.2mdv2008.0.i586.rpm
1303149fada878eef9e528118462e196 2008.0/i586/libbzip2_1-devel-1.0.4-2.2mdv2008.0.i586.rpm
8951662548f5990e373bfab9ab270759 2008.0/i586/libclamav6-0.96.2-0.1mdv2008.0.i586.rpm
42ebe0de39a03f4bd225514dca97cb8f 2008.0/i586/libclamav-devel-0.96.2-0.1mdv2008.0.i586.rpm
3f520987cd857a35f7450c902b6099b5 2008.0/SRPMS/bzip2-1.0.4-2.2mdv2008.0.src.rpm
08f4ef7e1a9a3a763e20fe53a53a10c7 2008.0/SRPMS/clamav-0.96.2-0.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
318361945d90569a6492d5e91eee7ca8 2008.0/x86_64/bzip2-1.0.4-2.2mdv2008.0.x86_64.rpm
35d8a1813410f7ee1283ce59f06898c5 2008.0/x86_64/clamav-0.96.2-0.1mdv2008.0.x86_64.rpm
ef048ad00bbf398e18d627845661dcb9 2008.0/x86_64/clamav-db-0.96.2-0.1mdv2008.0.x86_64.rpm
c054765a0bd19f8f0910927e9a57a8a1 2008.0/x86_64/clamav-milter-0.96.2-0.1mdv2008.0.x86_64.rpm
18e20751418165c622475361c84a4d46 2008.0/x86_64/clamd-0.96.2-0.1mdv2008.0.x86_64.rpm
daf0c53ef4d5da6412627570fb3723a6 2008.0/x86_64/lib64bzip2_1-1.0.4-2.2mdv2008.0.x86_64.rpm
8c9efa494dae55b040b509d483741193 2008.0/x86_64/lib64bzip2_1-devel-1.0.4-2.2mdv2008.0.x86_64.rpm
ee66da08a714d5bb45b17009ae34feb3 2008.0/x86_64/lib64clamav6-0.96.2-0.1mdv2008.0.x86_64.rpm
baccbabbf2d697a10b415c941cb16bbc 2008.0/x86_64/lib64clamav-devel-0.96.2-0.1mdv2008.0.x86_64.rpm
3f520987cd857a35f7450c902b6099b5 2008.0/SRPMS/bzip2-1.0.4-2.2mdv2008.0.src.rpm
08f4ef7e1a9a3a763e20fe53a53a10c7 2008.0/SRPMS/clamav-0.96.2-0.1mdv2008.0.src.rpm

Mandriva Linux 2009.0:
fd6db21c99977e5a63ffdaf2ea8508b2 2009.0/i586/bzip2-1.0.5-3.1mdv2009.0.i586.rpm
a9e0deb0ef8c0f74357f5e1d035365e6 2009.0/i586/clamav-0.96.2-0.1mdv2009.0.i586.rpm
59f24ea15e867d6da8ee312fa47adf6b 2009.0/i586/clamav-db-0.96.2-0.1mdv2009.0.i586.rpm
c2ec68a64a6bf8424d1a3c50183f9249 2009.0/i586/clamav-milter-0.96.2-0.1mdv2009.0.i586.rpm
d267e9c4e7c89a20feb90c71845db826 2009.0/i586/clamd-0.96.2-0.1mdv2009.0.i586.rpm
398f6174cc4bce5b9003b88b8e521069 2009.0/i586/libbzip2_1-1.0.5-3.1mdv2009.0.i586.rpm
9eb59f0435e387d5ee83320538def286 2009.0/i586/libbzip2-devel-1.0.5-3.1mdv2009.0.i586.rpm
c2cb928173bf1d157798cbd2b4a7da0b 2009.0/i586/libclamav6-0.96.2-0.1mdv2009.0.i586.rpm
61dc9e23e85f761e90012d887d92c87a 2009.0/i586/libclamav-devel-0.96.2-0.1mdv2009.0.i586.rpm
9ed76151adc2caca3fd032e6f79af616 2009.0/SRPMS/bzip2-1.0.5-3.1mdv2009.0.src.rpm
dd04096ea413293b2750911ae595d92e 2009.0/SRPMS/clamav-0.96.2-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
9600b4ede2067eab744853e2ca8b0659 2009.0/x86_64/bzip2-1.0.5-3.1mdv2009.0.x86_64.rpm
4f231995c4926085bfb4ea5996799ea2 2009.0/x86_64/clamav-0.96.2-0.1mdv2009.0.x86_64.rpm
e1b45400f643ec8ec303922546920f5b 2009.0/x86_64/clamav-db-0.96.2-0.1mdv2009.0.x86_64.rpm
3efc9367300fd41627c575ec228d0a92 2009.0/x86_64/clamav-milter-0.96.2-0.1mdv2009.0.x86_64.rpm
bf872e312a88cd8305fbea9c19d98ea4 2009.0/x86_64/clamd-0.96.2-0.1mdv2009.0.x86_64.rpm
69b4a223134c00102eb40856a4677062 2009.0/x86_64/lib64bzip2_1-1.0.5-3.1mdv2009.0.x86_64.rpm
adf80fee100128e0bef393b905b23284 2009.0/x86_64/lib64bzip2-devel-1.0.5-3.1mdv2009.0.x86_64.rpm
3b0bb3ba3037ab3dfe6d0456e5972742 2009.0/x86_64/lib64clamav6-0.96.2-0.1mdv2009.0.x86_64.rpm
37376f851e9a9403268f4097e79a6a0e 2009.0/x86_64/lib64clamav-devel-0.96.2-0.1mdv2009.0.x86_64.rpm
9ed76151adc2caca3fd032e6f79af616 2009.0/SRPMS/bzip2-1.0.5-3.1mdv2009.0.src.rpm
dd04096ea413293b2750911ae595d92e 2009.0/SRPMS/clamav-0.96.2-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
b58bfd224d685bc933eefba5ff554726 2009.1/i586/bzip2-1.0.5-5.1mdv2009.1.i586.rpm
0fe8becd5967d67a406cb2bc9432aa7b 2009.1/i586/libbzip2_1-1.0.5-5.1mdv2009.1.i586.rpm
917c1ff311fd8e710bb050cf139031a2 2009.1/i586/libbzip2-devel-1.0.5-5.1mdv2009.1.i586.rpm
3fe179dd2193eaae17fbb6dd58ec1ba4 2009.1/SRPMS/bzip2-1.0.5-5.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
016a47124cd079e2bf6e55d7c9088193 2009.1/x86_64/bzip2-1.0.5-5.1mdv2009.1.x86_64.rpm
8f641d22a43c4aff4ccac848e379f881 2009.1/x86_64/lib64bzip2_1-1.0.5-5.1mdv2009.1.x86_64.rpm
4e4df8103f61e92f5111c2437ec77e00 2009.1/x86_64/lib64bzip2-devel-1.0.5-5.1mdv2009.1.x86_64.rpm
3fe179dd2193eaae17fbb6dd58ec1ba4 2009.1/SRPMS/bzip2-1.0.5-5.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
6268e6b188d0670265dbb90c0c5956d3 2010.0/i586/bzip2-1.0.5-6.1mdv2010.0.i586.rpm
7b34af049f2266a982e9dc179f00cafe 2010.0/i586/libbzip2_1-1.0.5-6.1mdv2010.0.i586.rpm
53773a2856399de8ce8c9317a673e153 2010.0/i586/libbzip2-devel-1.0.5-6.1mdv2010.0.i586.rpm
045fc708dce0b8c053499d4f60c5d665 2010.0/SRPMS/bzip2-1.0.5-6.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
91e8c91b5cf57604923a5fb0cb4e67fd 2010.0/x86_64/bzip2-1.0.5-6.1mdv2010.0.x86_64.rpm
bd86abbb47f2c2547f057be43befcac9 2010.0/x86_64/lib64bzip2_1-1.0.5-6.1mdv2010.0.x86_64.rpm
1e0f8c2fe423d6dd6624a71e7fc47922 2010.0/x86_64/lib64bzip2-devel-1.0.5-6.1mdv2010.0.x86_64.rpm
045fc708dce0b8c053499d4f60c5d665 2010.0/SRPMS/bzip2-1.0.5-6.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
99c50a7ded69e267182dd52fe92f1283 2010.1/i586/bzip2-1.0.5-7.1mdv2010.1.i586.rpm
314e947ffbf24717b15ddc603d5388c5 2010.1/i586/libbzip2_1-1.0.5-7.1mdv2010.1.i586.rpm
ac1d6098d1da019e890754ea6cc345d8 2010.1/i586/libbzip2-devel-1.0.5-7.1mdv2010.1.i586.rpm
693436a36b7d0c172b5cee2fb56a707c 2010.1/SRPMS/bzip2-1.0.5-7.1mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
714eed658a65f01629a9094cc601cbd2 2010.1/x86_64/bzip2-1.0.5-7.1mdv2010.1.x86_64.rpm
7683e73aef5c9b6fa2b3a054ee8f456c 2010.1/x86_64/lib64bzip2_1-1.0.5-7.1mdv2010.1.x86_64.rpm
c9c129fc2d1dad1b3b5b7c64baad3bbe 2010.1/x86_64/lib64bzip2-devel-1.0.5-7.1mdv2010.1.x86_64.rpm
693436a36b7d0c172b5cee2fb56a707c 2010.1/SRPMS/bzip2-1.0.5-7.1mdv2010.1.src.rpm

Corporate 4.0:
b1ba1ad1832a7ba096f8dd6059396d67 corporate/4.0/i586/bzip2-1.0.3-1.4.20060mlcs4.i586.rpm
6b23f0c89189d36f5854a7bd8149e9f5 corporate/4.0/i586/clamav-0.96.2-0.1.20060mlcs4.i586.rpm
3b5e8c8baccd90efef63ccfe653fcdfc corporate/4.0/i586/clamav-db-0.96.2-0.1.20060mlcs4.i586.rpm
07b13390e7515ea462c311f301b847c9 corporate/4.0/i586/clamav-milter-0.96.2-0.1.20060mlcs4.i586.rpm
2612d120d120ee94eba39480485b4d6f corporate/4.0/i586/clamd-0.96.2-0.1.20060mlcs4.i586.rpm
78b75820cbbe61c35eace2da5988081f corporate/4.0/i586/libbzip2_1-1.0.3-1.4.20060mlcs4.i586.rpm
327772a179a7afe71964217b2ed50ef8 corporate/4.0/i586/libbzip2_1-devel-1.0.3-1.4.20060mlcs4.i586.rpm
a4ba0718507ba3a62aab7f5286c20dd7 corporate/4.0/i586/libclamav6-0.96.2-0.1.20060mlcs4.i586.rpm
361c8f3174f0768c7206145513e0dcc8 corporate/4.0/i586/libclamav-devel-0.96.2-0.1.20060mlcs4.i586.rpm
29309bbcf2bdc4794afb272999449f61 corporate/4.0/SRPMS/bzip2-1.0.3-1.4.20060mlcs4.src.rpm
eedb0c69f489a0c59e791ab9729088a3 corporate/4.0/SRPMS/clamav-0.96.2-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
46aa0947c3cf56328487c3db78a3af2a corporate/4.0/x86_64/bzip2-1.0.3-1.4.20060mlcs4.x86_64.rpm
a66339ac70941f997d275cccf20f3a36 corporate/4.0/x86_64/clamav-0.96.2-0.1.20060mlcs4.x86_64.rpm
17b73e6a89b24fe9447e18ce99551dfe corporate/4.0/x86_64/clamav-db-0.96.2-0.1.20060mlcs4.x86_64.rpm
4ea0a0fe486dc946fa9c07568b940006 corporate/4.0/x86_64/clamav-milter-0.96.2-0.1.20060mlcs4.x86_64.rpm
989fab470af0670fb3aeeef7f3ce4537 corporate/4.0/x86_64/clamd-0.96.2-0.1.20060mlcs4.x86_64.rpm
c44b46cfbab7e8a473521bea6b9b9551 corporate/4.0/x86_64/lib64bzip2_1-1.0.3-1.4.20060mlcs4.x86_64.rpm
fea82db6ffd3f58bbcea1bc4a64909dd corporate/4.0/x86_64/lib64bzip2_1-devel-1.0.3-1.4.20060mlcs4.x86_64.rpm
e9ad04d2b7aaf351cf126293cb63e6b5 corporate/4.0/x86_64/lib64clamav6-0.96.2-0.1.20060mlcs4.x86_64.rpm
ab5026465e94a70a72ca1cefdc524874 corporate/4.0/x86_64/lib64clamav-devel-0.96.2-0.1.20060mlcs4.x86_64.rpm
29309bbcf2bdc4794afb272999449f61 corporate/4.0/SRPMS/bzip2-1.0.3-1.4.20060mlcs4.src.rpm
eedb0c69f489a0c59e791ab9729088a3 corporate/4.0/SRPMS/clamav-0.96.2-0.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
d827d299d5a4205bdc0faceb6b2d7f34 mes5/i586/bzip2-1.0.5-3.1mdvmes5.1.i586.rpm
1c83dd65b90f0d488a7fb19dc5db8b66 mes5/i586/clamav-0.96.2-0.1mdvmes5.1.i586.rpm
a9ad04b15a2556a6408d727121e7ec62 mes5/i586/clamav-db-0.96.2-0.1mdvmes5.1.i586.rpm
da5eae6ba6b44f5716f31b989bf2799d mes5/i586/clamav-milter-0.96.2-0.1mdvmes5.1.i586.rpm
a8614740ba8707eceb0687ef6852620a mes5/i586/clamd-0.96.2-0.1mdvmes5.1.i586.rpm
ced60348c12f4615cfbbebb928edf7cf mes5/i586/libbzip2_1-1.0.5-3.1mdvmes5.1.i586.rpm
3a35bf17183e938449aa73dabc5320cb mes5/i586/libbzip2-devel-1.0.5-3.1mdvmes5.1.i586.rpm
ff58293b747aac4e574b249d78e60d69 mes5/i586/libclamav6-0.96.2-0.1mdvmes5.1.i586.rpm
407eb98f3a0b43f444ef6d58c3724978 mes5/i586/libclamav-devel-0.96.2-0.1mdvmes5.1.i586.rpm
8e7a6c673b50b8cf565db9c425e614f4 mes5/i586/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.i586.rpm
3962dda9b4bfca75ce205e09da56daec mes5/SRPMS/bzip2-1.0.5-3.1mdvmes5.1.src.rpm
4c284198a38a800bde7d111ba7986750 mes5/SRPMS/clamav-0.96.2-0.1mdvmes5.1.src.rpm
d48ef5d54841f35312a852f00b94dd04 mes5/SRPMS/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
a9c39d551ae1dbec30029f099d3a2739 mes5/x86_64/bzip2-1.0.5-3.1mdvmes5.1.x86_64.rpm
3edbf1083c02602aea55b24059e93b20 mes5/x86_64/clamav-0.96.2-0.1mdvmes5.1.x86_64.rpm
adeadebc3810dd00bfe62923d03b647f mes5/x86_64/clamav-db-0.96.2-0.1mdvmes5.1.x86_64.rpm
93e04c4d98acdda846957314323d4d42 mes5/x86_64/clamav-milter-0.96.2-0.1mdvmes5.1.x86_64.rpm
bcc29f7977da80e5f91bf1e40aec1c25 mes5/x86_64/clamd-0.96.2-0.1mdvmes5.1.x86_64.rpm
aab9831f478c6d3dfd8c45cc646602fb mes5/x86_64/lib64bzip2_1-1.0.5-3.1mdvmes5.1.x86_64.rpm
47202cc8e93b191cc9c2fd49a7f17b84 mes5/x86_64/lib64bzip2-devel-1.0.5-3.1mdvmes5.1.x86_64.rpm
06014379c24c7e4d9009252333c1c597 mes5/x86_64/lib64clamav6-0.96.2-0.1mdvmes5.1.x86_64.rpm
e7d924b393cac661385cbb4b3c4068e2 mes5/x86_64/lib64clamav-devel-0.96.2-0.1mdvmes5.1.x86_64.rpm
6e7a4164d865f1e5f4a4f45514fbe6d2 mes5/x86_64/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.x86_64.rpm
3962dda9b4bfca75ce205e09da56daec mes5/SRPMS/bzip2-1.0.5-3.1mdvmes5.1.src.rpm
4c284198a38a800bde7d111ba7986750 mes5/SRPMS/clamav-0.96.2-0.1mdvmes5.1.src.rpm
d48ef5d54841f35312a852f00b94dd04 mes5/SRPMS/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
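
For packages fetched by hand rather than through urpmi, the "<md5> <path>" lines under "Updated Packages" can be checked with a short script. This is an added example, not part of the Mandriva advisory; the function names check_advisory_md5 and demo_constructed and the demo file names are hypothetical, and md5sum(1) is assumed to be installed.

```shell
#!/bin/sh
# Added example (not part of the advisory): compare downloaded RPMs with the
# "<md5> <path>" lines of a saved copy of the advisory text.

# check_advisory_md5 ADVISORY_FILE PKG_DIR
# Prints one status line per listed package; returns 1 if any file that is
# present in PKG_DIR does not match its listed checksum.
check_advisory_md5() {
    advisory=$1 pkgdir=$2 rc=0
    # Keep only manifest lines; SRPMS entries repeat per arch, so de-duplicate.
    entries=$(grep -E '^[0-9a-f]{32} +[^ ]+\.rpm$' "$advisory" | sort -u)
    while read -r sum path; do
        [ -n "$sum" ] || continue          # no manifest lines found
        file="$pkgdir/$(basename "$path")"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
        elif [ "$(md5sum "$file" | cut -d' ' -f1)" = "$sum" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; rc=1
        fi
    done <<EOF
$entries
EOF
    return "$rc"
}

# Constructed demo: one stand-in "package" and a one-line manifest
# (file name and contents are invented, not taken from the advisory).
demo_constructed() {
    d=$(mktemp -d)
    printf 'constructed payload\n' > "$d/example-1.0-1.i586.rpm"
    good=$(md5sum "$d/example-1.0-1.i586.rpm" | cut -d' ' -f1)
    printf '%s demo/i586/example-1.0-1.i586.rpm\n' "$good" > "$d/advisory.txt"
    check_advisory_md5 "$d/advisory.txt" "$d"; status=$?
    rm -rf "$d"
    return "$status"
}
```

An MD5 match only shows that the file is the one the advisory lists; authenticity comes from the package's GPG signature, which `rpm --checksig` checks once the Mandriva key has been imported.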

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMl3DlmqjQ0CJFipgRAqmNAKDCrDqw4UpvV0qI0+JhzlhW5RrdIwCdHIGz
2jU/naEdoGP+YspVRSC+uAg=
=zwtV
-----END PGP SIGNATURE-----
