Updating bzip2 to remove potential security vulnerability
Dan Nelson
dnelson at allantgroup.com
Fri Oct 1 17:14:23 UTC 2010
In the last episode (Oct 01), Jerry said:
> I have seen several notices on other forums regarding the update of bzip2
> to correct a potential security problem. From the bzip2 web site:
>
> <quote>
> The current version is 1.0.6, released 20 Sept 2010.
>
> Version 1.0.6 removes a potential security vulnerability,
> CVE-2010-0405, so all users are recommended to upgrade immediately.
> </quote>
>
> The version supplied on FreeBSD-8.1/amd64 is version 1.0.5,
> 10-Dec-2007. Are there any plans to update this supplied version?
You must have missed
http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; patches
for 6, 7, and 8 are available there, and freebsd-update has fixed binaries
if you use that.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list