MNBSD-2008-2: bzip2 buffer over-read fixed by updating to 1.0.5

Severity: Unknown

Affected Package: bzip2

Summary: bzip2 buffer over-read fixed by updating to 1.0.5

Description

bzip2 was updated to 1.0.5 in CURRENT to correct a security issue, a buffer over-read in bzlib that could cause a crash (denial of service) via a crafted compressed file. No dedicated FreeBSD Security Advisory was issued; it was handled as a contrib update.

Affected Versions

bzip2

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2008-1372

Published: April 06, 2008
Last Modified: April 06, 2008