bzip2-1.0.8-3.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10667-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bzip2-1.0.8-3.2 on GA media These are all security issues fixed in the bzip2-1.0.8-3.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10667 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-1372/ SUSE CVE CVE-2008-1372 page https://www.suse.com/security/cve/CVE-2016-3189/ SUSE CVE CVE-2016-3189 page https://www.suse.com/security/cve/CVE-2019-12900/ SUSE CVE CVE-2019-12900 page openSUSE Tumbleweed bzip2-1.0.8-3.2 bzip2-doc-1.0.8-3.2 libbz2-1-1.0.8-3.2 libbz2-1-32bit-1.0.8-3.2 libbz2-devel-1.0.8-3.2 libbz2-devel-32bit-1.0.8-3.2 bzip2-1.0.8-3.2 as a component of openSUSE Tumbleweed bzip2-doc-1.0.8-3.2 as a component of openSUSE Tumbleweed libbz2-1-1.0.8-3.2 as a component of openSUSE Tumbleweed libbz2-1-32bit-1.0.8-3.2 as a component of openSUSE Tumbleweed libbz2-devel-1.0.8-3.2 as a component of openSUSE Tumbleweed libbz2-devel-32bit-1.0.8-3.2 as a component of openSUSE Tumbleweed bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. CVE-2008-1372 openSUSE Tumbleweed:bzip2-1.0.8-3.2 openSUSE Tumbleweed:bzip2-doc-1.0.8-3.2 openSUSE Tumbleweed:libbz2-1-1.0.8-3.2 openSUSE Tumbleweed:libbz2-1-32bit-1.0.8-3.2 openSUSE Tumbleweed:libbz2-devel-1.0.8-3.2 openSUSE Tumbleweed:libbz2-devel-32bit-1.0.8-3.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1372.html CVE-2008-1372 https://bugzilla.suse.com/372047 SUSE Bug 372047 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. CVE-2016-3189 openSUSE Tumbleweed:bzip2-1.0.8-3.2 openSUSE Tumbleweed:bzip2-doc-1.0.8-3.2 openSUSE Tumbleweed:libbz2-1-1.0.8-3.2 openSUSE Tumbleweed:libbz2-1-32bit-1.0.8-3.2 openSUSE Tumbleweed:libbz2-devel-1.0.8-3.2 openSUSE Tumbleweed:libbz2-devel-32bit-1.0.8-3.2 low 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3189.html CVE-2016-3189 https://bugzilla.suse.com/985657 SUSE Bug 985657 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900 openSUSE Tumbleweed:bzip2-1.0.8-3.2 openSUSE Tumbleweed:bzip2-doc-1.0.8-3.2 openSUSE Tumbleweed:libbz2-1-1.0.8-3.2 openSUSE Tumbleweed:libbz2-1-32bit-1.0.8-3.2 openSUSE Tumbleweed:libbz2-devel-1.0.8-3.2 openSUSE Tumbleweed:libbz2-devel-32bit-1.0.8-3.2 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12900.html CVE-2019-12900 https://bugzilla.suse.com/1139083 SUSE Bug 1139083 https://bugzilla.suse.com/1141513 SUSE Bug 1141513 https://bugzilla.suse.com/1149458 SUSE Bug 1149458