[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1833-1] bzip2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bzip2
Version        : 1.0.6-7+deb8u1
CVE ID         : CVE-2016-3189 CVE-2019-12900


Two issues in bzip2, a high-quality block-sorting file compressor, have been fixed. One, CVE-2019-12900, is a out-of-bounds write when using a crafted compressed file. The other, CVE-2016-3189, is a potential user-after-free.


For Debian 8 "Jessie", these problems have been fixed in version
1.0.6-7+deb8u1.

We recommend that you upgrade your bzip2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl0RMZNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeCRA/8CLmdYL0h5EVygYf5yzK0AoSWD9O1lx39QAwAs7DkZ8epcMl/NQ1kgJ5u
vcFwTuHYNtQL6s18oQ17H539EfCwwDSgAukIW/CYiCFe2crgSa9OasvgJpdfUuVh
+ak1WySkqf1xaQX2L/8tDqgS9wsbVXL0wY4Kv14ORk/Wbo3FnWy071GmFJn8YzUn
2iwrGW+471KohFYm7WkWrp3GP4nE/FDIWilSUe5aWKCXil2MNZmsw499a6zrPBXh
vgvNe56zaOw3AAceHPB1arrWXfJ9s748342xcEo96ApVyF4pxjpaj9HYTDrMBXmE
whGS+QJGykQ7gbjOm7PF7ANCQxOhZ/A+KwXBJUhEK+XcE2vU+BsL7AHAZ4ZCNwZw
RT19FW7Zj55tCEiuz370UzGpvtIPn/aaZE1ezbVYk95R/m+NUiz0T12pLrlnCvLR
/MY6BJnxqqkh8h1VIYOcJuZwoQm9Ns/wz2jD8Q/n3s2JiyYsCpdnSUor/7xk/eIf
OyVzLfJk/lxIezx7n3WtSLw2XvS+WuUaGD3D6Ol10fBwkyMDDk6vYkvF8d0y7Xc3
xp/UDDTcH64VUGv6Wa8eho6vTcTL4zivJEod025oOK6tZ4Tb1yuMjm/aZ0k5wUq4
btElpxPezqxVaYS9H6K26xuMebotAzQ+OT6lY2OMF8KxBruIRcE=
=+5Fk
-----END PGP SIGNATURE-----


Reply to: