bzip2 bzip2-extras: intger overflow vulnerability

Users of bzip2 bzip2-extras please be advised of an integer overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

rPSA-2010-0058-1: [rPSA-2010-0058-1] bzip2 bzip2-extras integer overflow vulnerability
Products:

rPath Appliance Platform Linux Service 2

rPath Linux 2
Description:

Previous releases of bzip2 were vulnerable to an integer overflow

in the BZ2_decompress function, which could allow arbitrary

code execution via a crafted bzipped file. This has been fixed.

Read more at http://www.criticalwatch.com
 

Advertisements