Security Advisory Moderate: bzip2 security update

Advisory: RHSA-2008:0893-2
Type: Security Advisory
Severity: Moderate
Issued on: 2008-09-16
Last updated on: 2008-09-16
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20080893.xml
CVEs (cve.mitre.org): CVE-2008-1372

Details

Updated bzip2 packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.

A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
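
To confirm that a host is at or above the fixed build after updating, the installed bzip2 version-release can be compared with the builds in the package list below. This is an added example, not Red Hat's code. It uses a simplified RPM-style segment comparison that ignores epochs and the `~`/`^` modifiers, and the function names and the installed values in the final comment are constructed for illustration.

```python
import re

# Fixed version-release per RHEL major release, copied from this advisory's package list.
FIXED = {
    "2.1": "1.0.1-5.EL2.1",
    "3": "1.0.2-12.EL3",
    "4": "1.0.2-14.el4_7",
    "5": "1.0.3-4.el5_2",
}

def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them.

    Simplified: splits into numeric and alphabetic segments, treats every
    other character as a separator, and does not handle epochs, '~' or '^'.
    Returns -1, 0 or 1.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1      # a numeric segment sorts newer than an alphabetic one
        if xd:
            x, y = int(x), int(y)       # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(rhel_release, installed_vr):
    """True if installed_vr (e.g. from rpm -q --qf '%{VERSION}-%{RELEASE}' bzip2-libs)
    is at or above the fixed build for that RHEL release."""
    fixed_v, fixed_r = FIXED[rhel_release].split("-", 1)
    inst_v, inst_r = installed_vr.split("-", 1)
    # Version decides first; release is only consulted when versions are equal.
    return (rpmvercmp(inst_v, fixed_v) or rpmvercmp(inst_r, fixed_r)) >= 0

# Constructed sample values: is_patched("5", "1.0.3-3") is False,
# is_patched("5", "1.0.3-4.el5_2") is True.
```

Check bzip2-libs as well as bzip2, since the flaw affects applications linked against libbz2.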

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
bzip2-devel-1.0.3-4.el5_2.i386.rpm     17e70a6d3abd9502bd106c48eaf71d6a
 
x86_64:
bzip2-devel-1.0.3-4.el5_2.i386.rpm     17e70a6d3abd9502bd106c48eaf71d6a
bzip2-devel-1.0.3-4.el5_2.x86_64.rpm     9d1331f010f84fe95868d874a84d4f02
 
Red Hat Desktop (v. 3)

SRPMS:
bzip2-1.0.2-12.EL3.src.rpm     1df6a3fe2bfb419f53e598bb44deab9b
 
IA-32:
bzip2-1.0.2-12.EL3.i386.rpm     e7fd42a0bf51c0b23bc91f9e450c836d
bzip2-devel-1.0.2-12.EL3.i386.rpm     11fe9edd42891aa38f18e91a17372624
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
 
x86_64:
bzip2-1.0.2-12.EL3.x86_64.rpm     bd6ef21980958b82f6bc036cefd50855
bzip2-devel-1.0.2-12.EL3.x86_64.rpm     c4adf6a89569ac1e0ab8a7eedad73f20
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
bzip2-libs-1.0.2-12.EL3.x86_64.rpm     2ee5405d74ffecc7ca4391df545e8e50
 
Red Hat Desktop (v. 4)

SRPMS:
bzip2-1.0.2-14.el4_7.src.rpm     ecd080a5cf226694d19873ffc0ed956a
 
IA-32:
bzip2-1.0.2-14.el4_7.i386.rpm     5de1916df92c3eb48c7faa2a0888e7aa
bzip2-devel-1.0.2-14.el4_7.i386.rpm     acafffc9c8d1e84de3fff493ea5651c6
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
 
x86_64:
bzip2-1.0.2-14.el4_7.x86_64.rpm     6749d55f8868a51dd93d1dd8b7ed903a
bzip2-devel-1.0.2-14.el4_7.x86_64.rpm     a07a38d121ccd1047fc62307bc392edc
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
bzip2-libs-1.0.2-14.el4_7.x86_64.rpm     54064f23b5eab680dbe135d1a11a1653
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
bzip2-1.0.3-4.el5_2.src.rpm     f85b2e82a049e23488fd751ea984fb35
 
IA-32:
bzip2-1.0.3-4.el5_2.i386.rpm     fabed375aefeb64421b8d06139fcd03d
bzip2-devel-1.0.3-4.el5_2.i386.rpm     17e70a6d3abd9502bd106c48eaf71d6a
bzip2-libs-1.0.3-4.el5_2.i386.rpm     4e15b23fdd90569673aedcb0d30cb957
 
IA-64:
bzip2-1.0.3-4.el5_2.ia64.rpm     369892dc5cac078417ccdc4488484f7a
bzip2-devel-1.0.3-4.el5_2.ia64.rpm     5a29a155fdfc514c5ce43b287cb5d2b5
bzip2-libs-1.0.3-4.el5_2.i386.rpm     4e15b23fdd90569673aedcb0d30cb957
bzip2-libs-1.0.3-4.el5_2.ia64.rpm     7905fdb6cca918719acdf6f3a48d9ae3
 
PPC:
bzip2-1.0.3-4.el5_2.ppc.rpm     6b174b77f40916a5f98a8017ee015eb7
bzip2-devel-1.0.3-4.el5_2.ppc.rpm     17f3f0149c174cca2130fc6c537a847b
bzip2-devel-1.0.3-4.el5_2.ppc64.rpm     f7637a969f69d0758910078c19297fc0
bzip2-libs-1.0.3-4.el5_2.ppc.rpm     bb53ad917ca02c50aec7eb81adcc230e
bzip2-libs-1.0.3-4.el5_2.ppc64.rpm     c2ba25e1a64f59676192eb835490cc67
 
s390x:
bzip2-1.0.3-4.el5_2.s390x.rpm     5441e88c01483694bc0926a6c0655ee2
bzip2-devel-1.0.3-4.el5_2.s390.rpm     ebd17c2737d17508e2d352fb9b3b86c5
bzip2-devel-1.0.3-4.el5_2.s390x.rpm     54ed6b6ffabc601523183fe2dbdd527b
bzip2-libs-1.0.3-4.el5_2.s390.rpm     6620dc4c2698f92fec288d942407af7f
bzip2-libs-1.0.3-4.el5_2.s390x.rpm     a40d835c5899671d442d845811ba3a75
 
x86_64:
bzip2-1.0.3-4.el5_2.x86_64.rpm     e0a5def8212b997dfd1841aff42e6b70
bzip2-devel-1.0.3-4.el5_2.i386.rpm     17e70a6d3abd9502bd106c48eaf71d6a
bzip2-devel-1.0.3-4.el5_2.x86_64.rpm     9d1331f010f84fe95868d874a84d4f02
bzip2-libs-1.0.3-4.el5_2.i386.rpm     4e15b23fdd90569673aedcb0d30cb957
bzip2-libs-1.0.3-4.el5_2.x86_64.rpm     ebae1f917429b7bd485a62ee22fef8b0
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
bzip2-1.0.1-5.EL2.1.src.rpm     00f5b3cb808ba8c486fd8503de26835e
 
IA-32:
bzip2-1.0.1-5.EL2.1.i386.rpm     1a7f51f580c78fd11040b19dc4bf7b60
bzip2-devel-1.0.1-5.EL2.1.i386.rpm     720649af2863aea7ba2bd72154f9d736
bzip2-libs-1.0.1-5.EL2.1.i386.rpm     cb71f34960b9b5acc2da42d07c2b1818
 
IA-64:
bzip2-1.0.1-5.EL2.1.ia64.rpm     318d6188f6d42eb95de1b5b0482b89f0
bzip2-devel-1.0.1-5.EL2.1.ia64.rpm     efe7d2e12a0ee69fa6540b824809a475
bzip2-libs-1.0.1-5.EL2.1.ia64.rpm     fcc4e98c6cabe04ba20f848ddc5493cf
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
bzip2-1.0.2-12.EL3.src.rpm     1df6a3fe2bfb419f53e598bb44deab9b
 
IA-32:
bzip2-1.0.2-12.EL3.i386.rpm     e7fd42a0bf51c0b23bc91f9e450c836d
bzip2-devel-1.0.2-12.EL3.i386.rpm     11fe9edd42891aa38f18e91a17372624
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
 
IA-64:
bzip2-1.0.2-12.EL3.ia64.rpm     a3b48a21181eb1120b1e2db88fb3819d
bzip2-devel-1.0.2-12.EL3.ia64.rpm     72f0da3ff13c9c22df11caba8c635ff6
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
bzip2-libs-1.0.2-12.EL3.ia64.rpm     2245f75a95420ae7f6bfcc754898d8b4
 
PPC:
bzip2-1.0.2-12.EL3.ppc.rpm     c0828dcec79354267a96c0f4ca84e348
bzip2-devel-1.0.2-12.EL3.ppc.rpm     4e416c1f9534b92d47f2f622a5c0f6d6
bzip2-libs-1.0.2-12.EL3.ppc.rpm     d68e9eed9b044bde448a15365c6348c9
bzip2-libs-1.0.2-12.EL3.ppc64.rpm     4e984885422335bf2e9f63897138a8f5
 
s390:
bzip2-1.0.2-12.EL3.s390.rpm     e2491765c530ba6924ccd8176195efbf
bzip2-devel-1.0.2-12.EL3.s390.rpm     2c86e72e136ce28f032d0519adfb1197
bzip2-libs-1.0.2-12.EL3.s390.rpm     03245c2228d3f977b72b3ecf35124edc
 
s390x:
bzip2-1.0.2-12.EL3.s390x.rpm     d275eddc5c9eee0bac647a11673eda20
bzip2-devel-1.0.2-12.EL3.s390x.rpm     9f462cef913e39b4b45421091bc2d5bc
bzip2-libs-1.0.2-12.EL3.s390.rpm     03245c2228d3f977b72b3ecf35124edc
bzip2-libs-1.0.2-12.EL3.s390x.rpm     fbf1db1a4222034d85df5a8da03b5986
 
x86_64:
bzip2-1.0.2-12.EL3.x86_64.rpm     bd6ef21980958b82f6bc036cefd50855
bzip2-devel-1.0.2-12.EL3.x86_64.rpm     c4adf6a89569ac1e0ab8a7eedad73f20
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
bzip2-libs-1.0.2-12.EL3.x86_64.rpm     2ee5405d74ffecc7ca4391df545e8e50
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
bzip2-1.0.2-14.el4_7.src.rpm     ecd080a5cf226694d19873ffc0ed956a
 
IA-32:
bzip2-1.0.2-14.el4_7.i386.rpm     5de1916df92c3eb48c7faa2a0888e7aa
bzip2-devel-1.0.2-14.el4_7.i386.rpm     acafffc9c8d1e84de3fff493ea5651c6
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
 
IA-64:
bzip2-1.0.2-14.el4_7.ia64.rpm     255fd6520981c721a25d8d55261dd3f8
bzip2-devel-1.0.2-14.el4_7.ia64.rpm     3e7e9d5483320509ea25569d0268f3c5
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
bzip2-libs-1.0.2-14.el4_7.ia64.rpm     c44dbcb34b67b7726ecd5688cb969a7f
 
PPC:
bzip2-1.0.2-14.el4_7.ppc.rpm     e49eea8ebc0cd8efc43763c0e30753b6
bzip2-devel-1.0.2-14.el4_7.ppc.rpm     aacceeba614a3a779ed4950a0ac9f7d2
bzip2-libs-1.0.2-14.el4_7.ppc.rpm     17c5d79e7d6f085395e7c044d8d5ecd8
bzip2-libs-1.0.2-14.el4_7.ppc64.rpm     a0950608ca0e0ca155e8f06ca9533313
 
s390:
bzip2-1.0.2-14.el4_7.s390.rpm     b590c111c592c685d1dd4760a3fea700
bzip2-devel-1.0.2-14.el4_7.s390.rpm     ccb3af5ad2f295960931baae0f4a44f0
bzip2-libs-1.0.2-14.el4_7.s390.rpm     1af521043b945a83e4cb17d6b0c16454
 
s390x:
bzip2-1.0.2-14.el4_7.s390x.rpm     9bc3a2ea05421eaa19af2f2e4dd84530
bzip2-devel-1.0.2-14.el4_7.s390x.rpm     03fe35807c88269a5b33d79538b01e7d
bzip2-libs-1.0.2-14.el4_7.s390.rpm     1af521043b945a83e4cb17d6b0c16454
bzip2-libs-1.0.2-14.el4_7.s390x.rpm     dc0a21b868e33b622e6cf91aed726c64
 
x86_64:
bzip2-1.0.2-14.el4_7.x86_64.rpm     6749d55f8868a51dd93d1dd8b7ed903a
bzip2-devel-1.0.2-14.el4_7.x86_64.rpm     a07a38d121ccd1047fc62307bc392edc
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
bzip2-libs-1.0.2-14.el4_7.x86_64.rpm     54064f23b5eab680dbe135d1a11a1653
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
bzip2-1.0.3-4.el5_2.src.rpm     f85b2e82a049e23488fd751ea984fb35
 
IA-32:
bzip2-1.0.3-4.el5_2.i386.rpm     fabed375aefeb64421b8d06139fcd03d
bzip2-libs-1.0.3-4.el5_2.i386.rpm     4e15b23fdd90569673aedcb0d30cb957
 
x86_64:
bzip2-1.0.3-4.el5_2.x86_64.rpm     e0a5def8212b997dfd1841aff42e6b70
bzip2-libs-1.0.3-4.el5_2.i386.rpm     4e15b23fdd90569673aedcb0d30cb957
bzip2-libs-1.0.3-4.el5_2.x86_64.rpm     ebae1f917429b7bd485a62ee22fef8b0
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
bzip2-1.0.1-5.EL2.1.src.rpm     00f5b3cb808ba8c486fd8503de26835e
 
IA-32:
bzip2-1.0.1-5.EL2.1.i386.rpm     1a7f51f580c78fd11040b19dc4bf7b60
bzip2-devel-1.0.1-5.EL2.1.i386.rpm     720649af2863aea7ba2bd72154f9d736
bzip2-libs-1.0.1-5.EL2.1.i386.rpm     cb71f34960b9b5acc2da42d07c2b1818
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
bzip2-1.0.2-12.EL3.src.rpm     1df6a3fe2bfb419f53e598bb44deab9b
 
IA-32:
bzip2-1.0.2-12.EL3.i386.rpm     e7fd42a0bf51c0b23bc91f9e450c836d
bzip2-devel-1.0.2-12.EL3.i386.rpm     11fe9edd42891aa38f18e91a17372624
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
 
IA-64:
bzip2-1.0.2-12.EL3.ia64.rpm     a3b48a21181eb1120b1e2db88fb3819d
bzip2-devel-1.0.2-12.EL3.ia64.rpm     72f0da3ff13c9c22df11caba8c635ff6
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
bzip2-libs-1.0.2-12.EL3.ia64.rpm     2245f75a95420ae7f6bfcc754898d8b4
 
x86_64:
bzip2-1.0.2-12.EL3.x86_64.rpm     bd6ef21980958b82f6bc036cefd50855
bzip2-devel-1.0.2-12.EL3.x86_64.rpm     c4adf6a89569ac1e0ab8a7eedad73f20
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
bzip2-libs-1.0.2-12.EL3.x86_64.rpm     2ee5405d74ffecc7ca4391df545e8e50
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
bzip2-1.0.2-14.el4_7.src.rpm     ecd080a5cf226694d19873ffc0ed956a
 
IA-32:
bzip2-1.0.2-14.el4_7.i386.rpm     5de1916df92c3eb48c7faa2a0888e7aa
bzip2-devel-1.0.2-14.el4_7.i386.rpm     acafffc9c8d1e84de3fff493ea5651c6
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
 
IA-64:
bzip2-1.0.2-14.el4_7.ia64.rpm     255fd6520981c721a25d8d55261dd3f8
bzip2-devel-1.0.2-14.el4_7.ia64.rpm     3e7e9d5483320509ea25569d0268f3c5
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
bzip2-libs-1.0.2-14.el4_7.ia64.rpm     c44dbcb34b67b7726ecd5688cb969a7f
 
x86_64:
bzip2-1.0.2-14.el4_7.x86_64.rpm     6749d55f8868a51dd93d1dd8b7ed903a
bzip2-devel-1.0.2-14.el4_7.x86_64.rpm     a07a38d121ccd1047fc62307bc392edc
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
bzip2-libs-1.0.2-14.el4_7.x86_64.rpm     54064f23b5eab680dbe135d1a11a1653
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
bzip2-1.0.1-5.EL2.1.src.rpm     00f5b3cb808ba8c486fd8503de26835e
 
IA-32:
bzip2-1.0.1-5.EL2.1.i386.rpm     1a7f51f580c78fd11040b19dc4bf7b60
bzip2-devel-1.0.1-5.EL2.1.i386.rpm     720649af2863aea7ba2bd72154f9d736
bzip2-libs-1.0.1-5.EL2.1.i386.rpm     cb71f34960b9b5acc2da42d07c2b1818
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
bzip2-1.0.2-12.EL3.src.rpm     1df6a3fe2bfb419f53e598bb44deab9b
 
IA-32:
bzip2-1.0.2-12.EL3.i386.rpm     e7fd42a0bf51c0b23bc91f9e450c836d
bzip2-devel-1.0.2-12.EL3.i386.rpm     11fe9edd42891aa38f18e91a17372624
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
 
IA-64:
bzip2-1.0.2-12.EL3.ia64.rpm     a3b48a21181eb1120b1e2db88fb3819d
bzip2-devel-1.0.2-12.EL3.ia64.rpm     72f0da3ff13c9c22df11caba8c635ff6
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
bzip2-libs-1.0.2-12.EL3.ia64.rpm     2245f75a95420ae7f6bfcc754898d8b4
 
x86_64:
bzip2-1.0.2-12.EL3.x86_64.rpm     bd6ef21980958b82f6bc036cefd50855
bzip2-devel-1.0.2-12.EL3.x86_64.rpm     c4adf6a89569ac1e0ab8a7eedad73f20
bzip2-libs-1.0.2-12.EL3.i386.rpm     db375c1cc56603ff12b8e1745c3f0466
bzip2-libs-1.0.2-12.EL3.x86_64.rpm     2ee5405d74ffecc7ca4391df545e8e50
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
bzip2-1.0.2-14.el4_7.src.rpm     ecd080a5cf226694d19873ffc0ed956a
 
IA-32:
bzip2-1.0.2-14.el4_7.i386.rpm     5de1916df92c3eb48c7faa2a0888e7aa
bzip2-devel-1.0.2-14.el4_7.i386.rpm     acafffc9c8d1e84de3fff493ea5651c6
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
 
IA-64:
bzip2-1.0.2-14.el4_7.ia64.rpm     255fd6520981c721a25d8d55261dd3f8
bzip2-devel-1.0.2-14.el4_7.ia64.rpm     3e7e9d5483320509ea25569d0268f3c5
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
bzip2-libs-1.0.2-14.el4_7.ia64.rpm     c44dbcb34b67b7726ecd5688cb969a7f
 
x86_64:
bzip2-1.0.2-14.el4_7.x86_64.rpm     6749d55f8868a51dd93d1dd8b7ed903a
bzip2-devel-1.0.2-14.el4_7.x86_64.rpm     a07a38d121ccd1047fc62307bc392edc
bzip2-libs-1.0.2-14.el4_7.i386.rpm     b7f62b1de69d5c1745d818a296646b07
bzip2-libs-1.0.2-14.el4_7.x86_64.rpm     54064f23b5eab680dbe135d1a11a1653
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
bzip2-1.0.1-5.EL2.1.src.rpm     00f5b3cb808ba8c486fd8503de26835e
 
IA-64:
bzip2-1.0.1-5.EL2.1.ia64.rpm     318d6188f6d42eb95de1b5b0482b89f0
bzip2-devel-1.0.1-5.EL2.1.ia64.rpm     efe7d2e12a0ee69fa6540b824809a475
bzip2-libs-1.0.1-5.EL2.1.ia64.rpm     fcc4e98c6cabe04ba20f848ddc5493cf
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

438118 - CVE-2008-1372 bzip2: crash on malformed archive file


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/