Bug#597585: marked as done ([SECURITY] [DSA-2112-1] CVE-2010-0405 integer overflow)

Debian Bug Tracking System Mon, 20 Sep 2010 23:51:43 -0700

Your message dated Tue, 21 Sep 2010 06:48:30 +0000
with message-id <e1oxweu-0002lq...@franck.debian.org>
and subject line Bug#597585: fixed in bzip2 1.0.5-6
has caused the Debian Bug report #597585,
regarding [SECURITY] [DSA-2112-1] CVE-2010-0405 integer overflow
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
597585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597585
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: bzip2
Version: 1.0.5-5
Severity: serious
Tags: security patch pending

On Mon, Sep 20, 2010 at 11:05:59AM +0000, Stefan Fritsch wrote:
>Mikolaj Izdebski has discovered an integer overflow flaw in the 
>BZ2_decompress function in bzip2/libbz2. An attacker could use a 
>crafted bz2 file to cause a denial of service (application crash)
>or potentially to execute arbitrary code. (CVE-2010-0405)

On Mon, Sep 13, 2010 at 06:18:30AM +0200, Stefan Fritsch wrote:
>diff -U 5 bzip2-1.0.5-orig/decompress.c bzip2-1.0.5-mod/decompress.c
>--- bzip2-1.0.5-orig/decompress.c       2007-12-09 13:31:31.000000000 +0100
>+++ bzip2-1.0.5-mod/decompress.c        2010-06-23 23:05:49.000000000 +0200
>@@ -379,10 +379,17 @@
>          if (nextSym == BZ_RUNA || nextSym == BZ_RUNB) {
> 
>             es = -1;
>             N = 1;
>             do {
>+               /* Check that N doesn't get too big, so that es doesn't
>+                  go negative.  The maximum value that can be
>+                  RUNA/RUNB encoded is equal to the block size (post
>+                  the initial RLE), viz, 900k, so bounding N at 2
>+                  million should guard against overflow without
>+                  rejecting any legitimate inputs. */
>+               if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
>                if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
>                if (nextSym == BZ_RUNB) es = es + (1+1) * N;
>                N = N * 2;
>                GET_MTF_VAL(BZ_X_MTF_3, BZ_X_MTF_4, nextSym);
>             }

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: bzip2
Source-Version: 1.0.5-6

We believe that the bug you reported is fixed in the latest version of
bzip2, which is due to be installed in the Debian FTP archive:

bzip2-doc_1.0.5-6_all.deb
  to main/b/bzip2/bzip2-doc_1.0.5-6_all.deb
bzip2_1.0.5-6.diff.gz
  to main/b/bzip2/bzip2_1.0.5-6.diff.gz
bzip2_1.0.5-6.dsc
  to main/b/bzip2/bzip2_1.0.5-6.dsc
bzip2_1.0.5-6_mipsel.deb
  to main/b/bzip2/bzip2_1.0.5-6_mipsel.deb
libbz2-1.0_1.0.5-6_mipsel.deb
  to main/b/bzip2/libbz2-1.0_1.0.5-6_mipsel.deb
libbz2-dev_1.0.5-6_mipsel.deb
  to main/b/bzip2/libbz2-dev_1.0.5-6_mipsel.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 597...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated bzip2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 21 Sep 2010 10:33:49 +1000
Source: bzip2
Binary: libbz2-1.0 libbz2-dev bzip2 lib64bz2-1.0 lib64bz2-dev lib32bz2-1.0 
lib32bz2-dev bzip2-doc
Architecture: source all mipsel
Version: 1.0.5-6
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description: 
 bzip2      - high-quality block-sorting file compressor - utilities
 bzip2-doc  - high-quality block-sorting file compressor - documentation
 lib32bz2-1.0 - high-quality block-sorting file compressor library - 32bit 
runtim
 lib32bz2-dev - high-quality block-sorting file compressor library - 32bit 
develo
 lib64bz2-1.0 - high-quality block-sorting file compressor library - 64bit 
runtim
 lib64bz2-dev - high-quality block-sorting file compressor library - 64bit 
develo
 libbz2-1.0 - high-quality block-sorting file compressor library - runtime
 libbz2-dev - high-quality block-sorting file compressor library - development
Closes: 597585
Changes: 
 bzip2 (1.0.5-6) unstable; urgency=high
 .
   * Fix integer overflow
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
     http://www.debian.org/security/2010/dsa-2112
     Closes: 597585
Checksums-Sha1: 
 62ba3bc7edbca8567be9970510452f183c92893d 2062 bzip2_1.0.5-6.dsc
 6822a5a9732cec5efddcb9a59666f3410b2163aa 77537 bzip2_1.0.5-6.diff.gz
 29ab0ca003f39da3c70e29633924642f4a93e9bf 328060 bzip2-doc_1.0.5-6_all.deb
 5730a61c4d83575d7a9e3a5ee64de3aa7b4ce18f 49236 libbz2-1.0_1.0.5-6_mipsel.deb
 72b527822dbb60a4609299bf03f3496806e991d2 38100 libbz2-dev_1.0.5-6_mipsel.deb
 3d629e496fda46cedae93316624f081416b5d858 50178 bzip2_1.0.5-6_mipsel.deb
Checksums-Sha256: 
 94816abdd0b420349c82f97f721a9d2dd2c2340f274fbb61c7f1069167c7cc0a 2062 
bzip2_1.0.5-6.dsc
 9c10d55d0e364d272e80eec33dac4cb660b7040807eacc220226a4355b6a3285 77537 
bzip2_1.0.5-6.diff.gz
 49b683c22ed8f214abaa2ce4193906ab596c7c96ead20f02de93b031612f9553 328060 
bzip2-doc_1.0.5-6_all.deb
 9d806c8f51e6b58d8a449b0006838231f655c835ef3fb6888ab5eb67af28ee97 49236 
libbz2-1.0_1.0.5-6_mipsel.deb
 d14fcf7721d1d038bda98ef33a8d5d2d12914b5efe7ef0f68aef9fa744e3ca41 38100 
libbz2-dev_1.0.5-6_mipsel.deb
 800462b32b03674a642834e1c9a9e916be9a90afaec548d8d4372eedfa19244f 50178 
bzip2_1.0.5-6_mipsel.deb
Files: 
 ea54392c233535c1a6f09116c304937c 2062 utils important bzip2_1.0.5-6.dsc
 375794b434399c463af939dd2768db52 77537 utils important bzip2_1.0.5-6.diff.gz
 702e2191bd5d80d07e0a4465f22f434e 328060 doc optional bzip2-doc_1.0.5-6_all.deb
 1d6655bb6876f569b4f4ebc4da8ce719 49236 libs important 
libbz2-1.0_1.0.5-6_mipsel.deb
 8f3cfbaea79b70c17e67112c6b0c49b9 38100 libdevel optional 
libbz2-dev_1.0.5-6_mipsel.deb
 255cfcadac028dbf4e4affeace9af07f 50178 utils optional bzip2_1.0.5-6_mipsel.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJMmA02AAoJEHxWrP6UeJfYCssP/3+knLqo0qJrW7PIAGnMiwoy
PdGKxi3X9t1fG08BeCBVkNbR/MQYEodLi146jOBiYVCvEpwxTPY7Q/KuQjmRQOSB
yeRC4T7D/py/Au1yXg0RfKXqd/Ez9gNGrj4T4riyid6mRFvu/5BXEixrcRYBSyU2
ax1dCcr+6oTU/fk0HIvqVqGjqvWp7t0p/fofTMCIvoTy3dW5RyS9tFFNIrGVfPM3
YT1Y76pPlP4FCizcDo5hmSraXTT/F5+ir0YI/g/uYNuyxL72AdzAD6E7+qBB8TTM
4fgkNWJFKgNVug5+9n85uPK6qmFD7x8jYfyXifEVJZgnQnaf0G3FxVP4wjxQCt+E
Uk1FY9XFyFpDUxizBbrkyPqhdxkWBg5FghS1CT7tO3z/npbvtZCBPq5fyKJX9Zww
F5s357HBXQRjw7TswZbq02/jvy4QqXq5+L4Uxwya7EOkz9g4dMftMzz16v9hyjxj
Vq4Irff2i4WNx9xKDlTJRFEOvYzy65VXiHO1WVCg69mbAhfqluKP5LzSVT3cgsmX
CywS+8XRImDSe0H4HVWnBD2j5AoqXCbOP2iJekWbb1SX/d3MakP1cKd/lGGKTSiC
BXXxMoR3Dh88bFkP2HUX9hrkU/WU3JkQoyanAhfkRX1FMb8WqlrUi64+RJQh4IeT
oNkeFShm6OH53MTg38Xl
=51Wc
-----END PGP SIGNATURE-----

--- End Message ---

Bug#597585: marked as done ([SECURITY] [DSA-2112-1] CVE-2010-0405 integer overflow)

Reply via email to