Updating bzip2 to remove potential security vulnerability

Dan Nelson dnelson at allantgroup.com
Fri Oct 1 17:14:23 UTC 2010


In the last episode (Oct 01), Jerry said:
> I have seen several notices on other forums regarding the update of bzip2
> to correct a potential security problem.  From the bzip2 web site:
> 
> <quote>
> The current version is 1.0.6, released 20 Sept 2010.
> 
> Version 1.0.6 removes a potential security vulnerability,
> CVE-2010-0405, so all users are recommended to upgrade immediately.
> </quote>
> 
> The version supplied on FreeBSD-8.1/amd64 is version 1.0.5,
> 10-Dec-2007. Are there any plans to update this supplied version?

You must have missed 
http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; patches
for 6, 7, and 8 are available there, and freebsd-update has fixed binaries
if you use that.

-- 
	Dan Nelson
	dnelson at allantgroup.com


More information about the freebsd-questions mailing list