NetBSD-Announce archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

NetBSD Security Advisory 2010-007: Integer overflow in libbz2 decompression code

Hash: SHA1

                 NetBSD Security Advisory 2010-007

Topic:          Integer overflow in libbz2 decompression code

Version:        NetBSD-current: source prior to September 21, 2010
                NetBSD 5.0:             affected
                NetBSD 4.0.1:           affected
                pkgsrc:                 bzip2 package prior to 1.0.6

Severity:       potential remote DoS or code-injection attack

Fixed:          NetBSD-current:         Sep 20, 2010
                NetBSD-5 branch         Sep 23, 2010
                NetBSD-5-0 branch       Sep 23, 2010
                NetBSD-4 branch         Sep 23, 2010
                NetBSD-4-0 branch       Sep 23, 2010
                pkgsrc 2010Q2:          bzip2-1.0.6 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


The bzip2/bunzip2 functions and the libbz2 library provide compression
and decompression functionality similar to gzip/gunzip and libgzip but
with better compression ratio and worse compression performance.

The bug described in CVE-2010-0405 affects decompression and can cause
a local or remote DoS attack or possible random code execution
in a program that tries to decompress attacker controlled streams.

Technical Details

There is an integer overflow in the bzip2 decompression code which
can be used to cause a negative value to be used for a buffer size.
The bzip code is also used in other derivative programs such as tar(1)
and pax(1), so utilities using these programs can be affected.

Solutions and Workarounds

- - Patch, recompile, and re-install libbz2, restart all daemons possibly

  CVS branch    file                            revision
  ------------- ----------------                --------
  HEAD          src/dist/bzip2/decompress.c     1.2

  netbsd-5.0    src/dist/bzip2/decompress.c
  netbsd-5      src/dist/bzip2/decompress.c

  netbsd-4.0    src/dist/bzip2/decompress.c
  netbsd-4      src/dist/bzip2/decompress.c

The following instructions briefly summarize how to update and
recompile libbz2. In these instructions, replace:

  BRANCH   with the appropriate CVS branch (from the above table)
  FILES    with the file names for that branch (from the above table)

To update from CVS, re-build, and re-install libbz2:

        # cd src
        # cvs update -d -P -r BRANCH FILES
        # cd lib/libbz2
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install
        # cd ../../rescue
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install

Alternatively, apply the following patch (with potential offset

For more information on building (oriented towards rebuilding the
entire system, however) see:

Thanks To

Mikolaj Izdebski for finding and reporting the vulnerability.
Christos Zoulas for fixing the problem.

Revision History

        2010-09-27      Initial release

More Information

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at

Information about NetBSD and NetBSD security can be found at and .

Copyright 2010, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2010-007.txt,v 1.4 2010/09/27 20:41:45 tonnerre Exp $

Version: GnuPG v1.4.10 (NetBSD)


Home | Main Index | Thread Index | Old Index