Technical Description

Debian has released a security patch to correct a vulnerability identified in bzip2. This flaw occurs when processing specially crafted bzip2 archives, which may cause an infinite loop in the decompressor (DoS) resulting in an indefinitively large output file. For additional information, see : VUPEN/ADV-2005-0560

Affected Products

Debian GNU/Linux stable (woody)
Debian GNU/Linux stable (sid)
Debian GNU/Linux testing (sarge)

Solution

Debian GNU/Linux stable (woody) - Upgrade to version 1.0.2-1.woody5
Debian GNU/Linux stable (sid) - Upgrade to version 1.0.2-7
Debian GNU/Linux testing (sarge) - Upgrade to version 1.0.2-7

References

http://www.vupen.com/english/advisories/2005/1007
http://www.debian.org/security/2005/dsa-741

ChangeLog

2005-07-07 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.