Friday, September 24, 2010

New bzip2 packages: fix integer overflow

Users of bzip2, please be advised that an integer overflow vulnerability has been identified and that new bzip2 packages fix it.

To view this vulnerability, possible remedies, and other advisories, please check the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
DSA-2112-1: [DSA-2112-1] New bzip2 packages fix integer overflow
Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service (application crash) or potentially to execute arbitrary code. (CVE-2010-0405)

