Security Advisory bzip2 security update

Advisory: RHSA-2005:474-21
Type: Security Advisory
Severity: Low
Issued on: 2005-06-16
Last updated on: 2006-02-13
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-0758
CVE-2005-0953
CVE-2005-1260

Details

Updated bzip2 packages that fix multiple issues are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

[Updated 13 February 2006]
Replacement bzip2 packages for Red Hat Enterprise Linux 4 have been created
as the original erratum packages did not fix CVE-2005-0758.

Bzip2 is a data compressor.

A bug was found in the way bzgrep processes file names. If a user can be
tricked into running bzgrep on a file with a carefully crafted file name,
arbitrary commands could be executed as the user running bzgrep. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0758 to this issue.

A bug was found in the way bzip2 modifies file permissions during
decompression. If an attacker has write access to the directory into which
bzip2 is decompressing files, it is possible for them to modify permissions
on files owned by the user running bzip2 (CVE-2005-0953).

A bug was found in the way bzip2 decompresses files. It is possible for an
attacker to create a specially crafted bzip2 file which will cause bzip2 to
cause a denial of service (by filling disk space) if decompressed by a
victim (CVE-2005-1260).

Users of Bzip2 should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
bzip2-1.0.2-11.EL3.4.src.rpm
File outdated by:  RHSA-2008:0893		     4b0b7d56f486e271def24561f7a306f5
 
IA-32:
bzip2-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     e630bfc98b065f94c2b0ecd0d2c7ef25
bzip2-devel-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     7ea9c20badeaad2ea842fdb68f13d555
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
 
x86_64:
bzip2-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     b93b509f8d6e9aec46504c7e76ed1d28
bzip2-devel-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     29888d27b0655212b0e1e71e2047b198
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
bzip2-libs-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     eeb205ab6cf50dd6be136b6733ca2c12
 
Red Hat Desktop (v. 4)
SRPMS:
bzip2-1.0.2-13.EL4.3.src.rpm
File outdated by:  RHSA-2008:0893		     19a487defbbf4b39340e10b7fdb1ddfa
 
IA-32:
bzip2-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     6a5d249a38008b75339bb86859923133
bzip2-devel-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     5f32f2f2d964d34f5674b153e97d442b
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
 
x86_64:
bzip2-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     e3438d02a61b3ba70131f9cbcd13ec43
bzip2-devel-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     480070e71bfcc4e70b60dc478ed9bef9
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
bzip2-libs-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     2d1f5343c3a9e15dcc0bc16f4f286d78
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
bzip2-1.0.1-4.EL2.1.src.rpm
File outdated by:  RHSA-2008:0893		     15cce1e7cda0c3683de8571c732f992a
 
IA-32:
bzip2-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     1c0626bc05764ace3f35b370c871f82a
bzip2-devel-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     3becb343198896560698474b9ce06eed
bzip2-libs-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     793e7e2eafdf9290f869776e465f0922
 
IA-64:
bzip2-1.0.1-4.EL2.1.ia64.rpm
File outdated by:  RHSA-2008:0893		     9251923eb2a525c4edae8db9292d1865
bzip2-devel-1.0.1-4.EL2.1.ia64.rpm
File outdated by:  RHSA-2008:0893		     385e4b274f4eccec2dae40406f4411ed
bzip2-libs-1.0.1-4.EL2.1.ia64.rpm
File outdated by:  RHSA-2008:0893		     4feb401951ddc05a68c9de17671e2311
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
bzip2-1.0.2-11.EL3.4.src.rpm
File outdated by:  RHSA-2008:0893		     4b0b7d56f486e271def24561f7a306f5
 
IA-32:
bzip2-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     e630bfc98b065f94c2b0ecd0d2c7ef25
bzip2-devel-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     7ea9c20badeaad2ea842fdb68f13d555
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
 
IA-64:
bzip2-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     090b5ed939e2f48c51915eb925f96272
bzip2-devel-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     60ac531bf93510d4452676c7412f45b4
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
bzip2-libs-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     2f0634a4f0c00b853d8ac423a4cc7421
 
PPC:
bzip2-1.0.2-11.EL3.4.ppc.rpm
File outdated by:  RHSA-2008:0893		     9f4561be52e588f06a8a38756b695fe7
bzip2-devel-1.0.2-11.EL3.4.ppc.rpm
File outdated by:  RHSA-2008:0893		     13fdc5b3f50f57afdc91548305df824a
bzip2-libs-1.0.2-11.EL3.4.ppc.rpm
File outdated by:  RHSA-2008:0893		     b8b31503dd33bb1b2b96c382fc86818b
bzip2-libs-1.0.2-11.EL3.4.ppc64.rpm
File outdated by:  RHSA-2008:0893		     29ec39f91ae7fc800e9c1dee57e0ad96
 
s390:
bzip2-1.0.2-11.EL3.4.s390.rpm
File outdated by:  RHSA-2008:0893		     396f50fe9c7802b4699893b36463fc14
bzip2-devel-1.0.2-11.EL3.4.s390.rpm
File outdated by:  RHSA-2008:0893		     826a420199a7644ec1474170331d4160
bzip2-libs-1.0.2-11.EL3.4.s390.rpm
File outdated by:  RHSA-2008:0893		     be3865bf78e76449b1fc091a72cf3e41
 
s390x:
bzip2-1.0.2-11.EL3.4.s390x.rpm
File outdated by:  RHSA-2008:0893		     e58bda6c70b90b23384c0e46689237cd
bzip2-devel-1.0.2-11.EL3.4.s390x.rpm
File outdated by:  RHSA-2008:0893		     658b7beaabcefd6598a8914308addcde
bzip2-libs-1.0.2-11.EL3.4.s390.rpm
File outdated by:  RHSA-2008:0893		     be3865bf78e76449b1fc091a72cf3e41
bzip2-libs-1.0.2-11.EL3.4.s390x.rpm
File outdated by:  RHSA-2008:0893		     5f311e230c1934a8c84962fb6b64c9bf
 
x86_64:
bzip2-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     b93b509f8d6e9aec46504c7e76ed1d28
bzip2-devel-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     29888d27b0655212b0e1e71e2047b198
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
bzip2-libs-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     eeb205ab6cf50dd6be136b6733ca2c12
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
bzip2-1.0.2-13.EL4.3.src.rpm
File outdated by:  RHSA-2008:0893		     19a487defbbf4b39340e10b7fdb1ddfa
 
IA-32:
bzip2-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     6a5d249a38008b75339bb86859923133
bzip2-devel-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     5f32f2f2d964d34f5674b153e97d442b
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
 
IA-64:
bzip2-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     bc0ec3615f73d23448c3a5896716df59
bzip2-devel-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     e89d30dd4fb2b5e13346fc360c3ab23f
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
bzip2-libs-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     d95ee2c9006a0e55501f082efee94d69
 
PPC:
bzip2-1.0.2-13.EL4.3.ppc.rpm
File outdated by:  RHSA-2008:0893		     d3e020b14bd9a8ae25305e3e3f655e63
bzip2-devel-1.0.2-13.EL4.3.ppc.rpm
File outdated by:  RHSA-2008:0893		     0bfe80cfdf9c24930796e6c61942efa9
bzip2-libs-1.0.2-13.EL4.3.ppc.rpm
File outdated by:  RHSA-2008:0893		     2a280cd7277ca400803e940fe1d6f4e0
bzip2-libs-1.0.2-13.EL4.3.ppc64.rpm
File outdated by:  RHSA-2008:0893		     9fc45c658a213db8d5433f1828d74113
 
s390:
bzip2-1.0.2-13.EL4.3.s390.rpm
File outdated by:  RHSA-2008:0893		     30219b3c808a89b7fb32afa66fb2e981
bzip2-devel-1.0.2-13.EL4.3.s390.rpm
File outdated by:  RHSA-2008:0893		     465bd465d9dd7fbc25540f414c66e79a
bzip2-libs-1.0.2-13.EL4.3.s390.rpm
File outdated by:  RHSA-2008:0893		     c64ab0ae89c0b37fa45775b01aa84b1d
 
s390x:
bzip2-1.0.2-13.EL4.3.s390x.rpm
File outdated by:  RHSA-2008:0893		     2bffc62ed770f3c9d68437cf06a9e28e
bzip2-devel-1.0.2-13.EL4.3.s390x.rpm
File outdated by:  RHSA-2008:0893		     dbb1f05d102a36be0f45140cdec4823f
bzip2-libs-1.0.2-13.EL4.3.s390.rpm
File outdated by:  RHSA-2008:0893		     c64ab0ae89c0b37fa45775b01aa84b1d
bzip2-libs-1.0.2-13.EL4.3.s390x.rpm
File outdated by:  RHSA-2008:0893		     f0060ec31161236040938ab2eac30ec0
 
x86_64:
bzip2-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     e3438d02a61b3ba70131f9cbcd13ec43
bzip2-devel-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     480070e71bfcc4e70b60dc478ed9bef9
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
bzip2-libs-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     2d1f5343c3a9e15dcc0bc16f4f286d78
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
bzip2-1.0.1-4.EL2.1.src.rpm
File outdated by:  RHSA-2008:0893		     15cce1e7cda0c3683de8571c732f992a
 
IA-32:
bzip2-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     1c0626bc05764ace3f35b370c871f82a
bzip2-devel-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     3becb343198896560698474b9ce06eed
bzip2-libs-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     793e7e2eafdf9290f869776e465f0922
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
bzip2-1.0.2-11.EL3.4.src.rpm
File outdated by:  RHSA-2008:0893		     4b0b7d56f486e271def24561f7a306f5
 
IA-32:
bzip2-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     e630bfc98b065f94c2b0ecd0d2c7ef25
bzip2-devel-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     7ea9c20badeaad2ea842fdb68f13d555
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
 
IA-64:
bzip2-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     090b5ed939e2f48c51915eb925f96272
bzip2-devel-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     60ac531bf93510d4452676c7412f45b4
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
bzip2-libs-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     2f0634a4f0c00b853d8ac423a4cc7421
 
x86_64:
bzip2-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     b93b509f8d6e9aec46504c7e76ed1d28
bzip2-devel-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     29888d27b0655212b0e1e71e2047b198
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
bzip2-libs-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     eeb205ab6cf50dd6be136b6733ca2c12
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
bzip2-1.0.2-13.EL4.3.src.rpm
File outdated by:  RHSA-2008:0893		     19a487defbbf4b39340e10b7fdb1ddfa
 
IA-32:
bzip2-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     6a5d249a38008b75339bb86859923133
bzip2-devel-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     5f32f2f2d964d34f5674b153e97d442b
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
 
IA-64:
bzip2-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     bc0ec3615f73d23448c3a5896716df59
bzip2-devel-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     e89d30dd4fb2b5e13346fc360c3ab23f
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
bzip2-libs-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     d95ee2c9006a0e55501f082efee94d69
 
x86_64:
bzip2-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     e3438d02a61b3ba70131f9cbcd13ec43
bzip2-devel-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     480070e71bfcc4e70b60dc478ed9bef9
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
bzip2-libs-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     2d1f5343c3a9e15dcc0bc16f4f286d78
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
bzip2-1.0.1-4.EL2.1.src.rpm
File outdated by:  RHSA-2008:0893		     15cce1e7cda0c3683de8571c732f992a
 
IA-32:
bzip2-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     1c0626bc05764ace3f35b370c871f82a
bzip2-devel-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     3becb343198896560698474b9ce06eed
bzip2-libs-1.0.1-4.EL2.1.i386.rpm
File outdated by:  RHSA-2008:0893		     793e7e2eafdf9290f869776e465f0922
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
bzip2-1.0.2-11.EL3.4.src.rpm
File outdated by:  RHSA-2008:0893		     4b0b7d56f486e271def24561f7a306f5
 
IA-32:
bzip2-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     e630bfc98b065f94c2b0ecd0d2c7ef25
bzip2-devel-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     7ea9c20badeaad2ea842fdb68f13d555
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
 
IA-64:
bzip2-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     090b5ed939e2f48c51915eb925f96272
bzip2-devel-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     60ac531bf93510d4452676c7412f45b4
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
bzip2-libs-1.0.2-11.EL3.4.ia64.rpm
File outdated by:  RHSA-2008:0893		     2f0634a4f0c00b853d8ac423a4cc7421
 
x86_64:
bzip2-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     b93b509f8d6e9aec46504c7e76ed1d28
bzip2-devel-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     29888d27b0655212b0e1e71e2047b198
bzip2-libs-1.0.2-11.EL3.4.i386.rpm
File outdated by:  RHSA-2008:0893		     606f8d160d5a4d2897684318f0a7e970
bzip2-libs-1.0.2-11.EL3.4.x86_64.rpm
File outdated by:  RHSA-2008:0893		     eeb205ab6cf50dd6be136b6733ca2c12
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
bzip2-1.0.2-13.EL4.3.src.rpm
File outdated by:  RHSA-2008:0893		     19a487defbbf4b39340e10b7fdb1ddfa
 
IA-32:
bzip2-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     6a5d249a38008b75339bb86859923133
bzip2-devel-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     5f32f2f2d964d34f5674b153e97d442b
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
 
IA-64:
bzip2-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     bc0ec3615f73d23448c3a5896716df59
bzip2-devel-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     e89d30dd4fb2b5e13346fc360c3ab23f
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
bzip2-libs-1.0.2-13.EL4.3.ia64.rpm
File outdated by:  RHSA-2008:0893		     d95ee2c9006a0e55501f082efee94d69
 
x86_64:
bzip2-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     e3438d02a61b3ba70131f9cbcd13ec43
bzip2-devel-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     480070e71bfcc4e70b60dc478ed9bef9
bzip2-libs-1.0.2-13.EL4.3.i386.rpm
File outdated by:  RHSA-2008:0893		     c3a4f8b3d7f3791030077544fb4aa848
bzip2-libs-1.0.2-13.EL4.3.x86_64.rpm
File outdated by:  RHSA-2008:0893		     2d1f5343c3a9e15dcc0bc16f4f286d78
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
bzip2-1.0.1-4.EL2.1.src.rpm
File outdated by:  RHSA-2008:0893		     15cce1e7cda0c3683de8571c732f992a
 
IA-64:
bzip2-1.0.1-4.EL2.1.ia64.rpm
File outdated by:  RHSA-2008:0893		     9251923eb2a525c4edae8db9292d1865
bzip2-devel-1.0.1-4.EL2.1.ia64.rpm
File outdated by:  RHSA-2008:0893		     385e4b274f4eccec2dae40406f4411ed
bzip2-libs-1.0.1-4.EL2.1.ia64.rpm
File outdated by:  RHSA-2008:0893		     4feb401951ddc05a68c9de17671e2311
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

155742 - CAN-2005-0953 bzip2 race condition
157548 - CAN-2005-1260 bzip2 decompression bomb (DoS)
159816 - CVE-2005-0758 bzgrep has security issue in sed usage


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1260
http://scary.beasts.org/security/CESA-2005-002.txt

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/