CVE-2010-0405
Published: 20 September 2010
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Notes
| Author | Note |
|---|---|
| jdstrand | dump and dpkg use a statically linked bzip2 so simply need to be recompiled |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
bzip2 Launchpad, Ubuntu, Debian |
dapper |
Released
(1.0.3-0ubuntu2.2)
|
| hardy |
Released
(1.0.4-2ubuntu4.1)
|
|
| jaunty |
Released
(1.0.5-1ubuntu1.1)
|
|
| karmic |
Released
(1.0.5-3ubuntu0.1)
|
|
| lucid |
Released
(1.0.5-4ubuntu0.1)
|
|
| upstream |
Released
(1.0.6)
|
|
|
clamav Launchpad, Ubuntu, Debian |
dapper |
Released
(0.95.3+dfsg-1ubuntu0.09.04~dapper4.1)
|
| hardy |
Released
(0.95.3+dfsg-1ubuntu0.09.04~hardy2.5)
|
|
| jaunty |
Released
(0.95.3+dfsg-1ubuntu0.09.04.3)
|
|
| karmic |
Released
(0.95.3+dfsg-1ubuntu0.09.10.3)
|
|
| lucid |
Released
(0.96.1+dfsg-0ubuntu0.10.04.2)
|
|
| upstream |
Needs triage
|
|
|
dpkg Launchpad, Ubuntu, Debian |
dapper |
Released
(1.13.11ubuntu7.2)
|
| hardy |
Released
(1.14.16.6ubuntu4.2)
|
|
| jaunty |
Released
(1.14.24ubuntu1.2)
|
|
| karmic |
Released
(1.15.4ubuntu2.2)
|
|
| lucid |
Released
(1.15.5.6ubuntu4.3)
|
|
| upstream |
Not vulnerable
|
|
|
dump Launchpad, Ubuntu, Debian |
dapper |
Released
(0.4b41-2ubuntu0.1)
|
| hardy |
Released
(0.4b41-5ubuntu0.1)
|
|
| jaunty |
Released
( 0.4b41-6ubuntu0.1)
|
|
| karmic |
Released
(0.4b42-1ubuntu0.9.10.1)
|
|
| lucid |
Released
(0.4b42-1ubuntu0.10.04.1)
|
|
| upstream |
Not vulnerable
|