FreeBSD Security Advisory (bzip2)

The FreeBSD Security Team have identified a little bug in FreeBSD with the integer overflow in bzip2 decompression:

I. Background

“The bzip2/bunzip2 utilities and the libbz2 library compress and decompress files using an algorithm based on the Burrows-Wheeler transform. They are generally slower than Lempel-Ziv compressors such as gzip, but usually
provide a greater compression ratio.

II. Problem Description

When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.

III. Impact

An attacker who can cause maliciously chosen inputs to be decompressed can cause the decompressor to crash. It is suspected that such an attacker can cause arbitrary code to be executed, but this is not known for certain.

Note that some utilities, including the tar archiver and the bspatch binary patching utility (used in portsnap and freebsd-update) decompress bzip2-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2-compressed data even if they never explicitly invoke the bunzip2 utility.”

To avoid potential problems, you need to upgrade.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>