Note: This is an archival copy of Security Sun Alert 241786 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019589.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
A Security Vulnerability in the bzip2(1) command may lead to a Denial of Service (DoS)
A security vulnerability in the bzip2(1) command and libbz2(3) library shipped with Solaris may allow a local or remote unprivileged user who provides a specially crafted bzip2 archive to cause a program crash which is a type of Denial of Service (DoS).
Additional information regarding this issue is available in the following document:
CVE-2008-1372 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
2. Contributing Factors
A program which is making of use the bzip2(1) command or libbz2(3) library could crash while decompressing bzip2 archives.
There is no workaround for this issue. Please see the Resolution section below.
Until patch updates can be applied, users should avoid using bzip2(1) archives from untrusted sources.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment