Message-Id: <E1OxkoT-0003Bl-Ge@titan.mandriva.com>
Date: Mon, 20 Sep 2010 20:10:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:185 ] bzip2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:185
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bzip2
 Date    : September 20, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 An integer overflow has been found and corrected in bzip2 which could
 be exploited by using a specially crafted bz2 file and cause a denial
 of service attack (CVE-2010-0405).
 
 Additionally clamav has been upgraded to 0.96.2 and has been patched
 for this issue. perl-Compress-Bzip2 in MES5 has been linked against
 the system bzip2 library to resolve this issue.
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMl3DlmqjQ0CJFipgRAqmNAKDCrDqw4UpvV0qI0+JhzlhW5RrdIwCdHIGz
2jU/naEdoGP+YspVRSC+uAg=
=zwtV
-----END PGP SIGNATURE-----
