RedHat: Low: bzip2 security update
Posted by Benjamin D. Thomas
RedHat Linux: Updated bzip2 packages that fix multiple issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: bzip2 security update
Advisory ID:       RHSA-2005:474-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-474.html
Issue date:        2005-06-16
Updated on:        2005-06-16
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0758 CAN-2005-0953 CAN-2005-1260
---------------------------------------------------------------------

1. Summary:

Updated bzip2 packages that fix multiple issues are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Bzip2 is a data compressor.

A bug was found in the way bzgrep processes file names. If a user can be
tricked into running bzgrep on a file with a carefully crafted file name,
arbitrary commands could be executed as the user running bzgrep. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0758 to this issue.

A bug was found in the way bzip2 modifies file permissions during
decompression. If an attacker has write access to the directory into which
bzip2 is decompressing files, it is possible for them to modify permissions
on files owned by the user running bzip2 (CAN-2005-0953).

A bug was found in the way bzip2 decompresses files. It is possible for an
attacker to create a specially crafted bzip2 file which will cause bzip2 to
cause a denial of service (by filling disk space) if decompressed by a
victim (CAN-2005-1260).

Users of Bzip2 should upgrade to these updated packages, which contain
backported patches to correct these issues.
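Two of the three issues above map onto defensive coding patterns that are worth seeing concretely. The following Python example is added here and is not Red Hat's or bzip2's own code: `bounded_decompress` stops a bz2 stream once it exceeds an output budget (the class of problem behind CAN-2005-1260, a decompression bomb), and `write_private` creates the output file with O_EXCL and sets its mode with fchmod on the open descriptor rather than chmod on the path name (the class of race behind CAN-2005-0953). The 1 MiB sample and the 64 KiB chunk size are constructed for the example.

```python
import bz2
import os
import stat

CHUNK = 64 * 1024  # compressed bytes fed to the decompressor per step


class DecompressionBomb(Exception):
    """The stream would expand past the caller's output budget."""


def bounded_decompress(data: bytes, max_out: int) -> bytes:
    """Decompress a bz2 stream, refusing to produce more than max_out bytes."""
    d = bz2.BZ2Decompressor()
    out = bytearray()
    view, pos = memoryview(data), 0
    while not d.eof:
        if d.needs_input:
            if pos >= len(view):
                raise ValueError("truncated bz2 stream")
            piece = view[pos:pos + CHUNK]
            pos += len(piece)
        else:
            piece = b""  # decompressor still holds unconsumed input
        # Request at most one byte beyond the budget: crossing it proves the
        # stream is oversized without ever buffering the whole expansion.
        out += d.decompress(piece, max_length=max_out + 1 - len(out))
        if len(out) > max_out:
            raise DecompressionBomb(f"output exceeds {max_out} bytes")
    return bytes(out)


def write_private(path: str, data: bytes, mode: int = 0o644) -> int:
    """Create path exclusively, then set mode via fchmod on the open descriptor,
    so a name swapped into the directory by another writer is never chmodded.
    Returns the mode bits the file ends up with."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        while data:
            data = data[os.write(fd, data):]
        os.fchmod(fd, mode)
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


# Constructed sample: 1 MiB of zeros shrinks to a few dozen bytes of bz2, a
# small stand-in for the expansion ratio a decompression bomb relies on.
SAMPLE_PLAIN = b"\0" * (1 << 20)
SAMPLE_BZ2 = bz2.compress(SAMPLE_PLAIN)
```

Calling `bounded_decompress(SAMPLE_BZ2, 64 * 1024)` raises `DecompressionBomb` after producing only 64 KiB + 1 bytes, while a 2 MiB budget returns the full plaintext.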

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155742 - CAN-2005-0953 bzip2 race condition
157548 - CAN-2005-1260 bzip2 decompression bomb (DoS)
159816 - CAN-2005-0758 bzgrep has security issue in sed usage


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/bzip2-1.0.1-4.EL2.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/bzip2-1.0.1-4.EL2.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/bzip2-1.0.1-4.EL2.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/bzip2-1.0.1-4.EL2.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/bzip2-1.0.2-11.EL3.4.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/bzip2-1.0.2-11.EL3.4.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/bzip2-1.0.2-11.EL3.4.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/bzip2-1.0.2-11.EL3.4.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/bzip2-1.0.2-13.EL4.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/bzip2-1.0.2-13.EL4.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/bzip2-1.0.2-13.EL4.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/bzip2-1.0.2-13.EL4.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://scary.beasts.org/security/CESA-2005-002.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 