Re: NetBSD's libbz2 affected by this?

To: netbsd-users%netbsd.org@localhost
Subject: Re: NetBSD's libbz2 affected by this?
From: Jonathan Schleifer <js-netbsd-users%webkeks.org@localhost>
Date: Sun, 23 Mar 2008 04:04:26 +0100

Just wanted to remind that this is still unfixed, hell, it's not even
mentioned on the NetBSD security page! It should at least be mentioned
there since it possibly allows arbitrary code execution! And there are a
_LOT_ of apps there that use bzip2, it's even used in networking
applications, which means a remote attacker could take control over the
user that runs the app! Apps like GnuPG use it, rendering them totally
useless if private keys can be stolen through this bug!
It seems like nobody of the devs cares, but this is URGENT! The bug is
known for too long now and it is assumed that arbitrary code execution
is likely, it won't take long until someone succeeds in exploiting it if
it allows arbitrary code execution!

-- 
Jonathan

Follow-Ups:
- Re: NetBSD's libbz2 affected by this?
  - From: David Huang

References:
- NetBSD's libbz2 affected by this?
  - From: Jonathan Schleifer
- Re: NetBSD's libbz2 affected by this?
  - From: Brian A. Seklecki
- Re: NetBSD's libbz2 affected by this?
  - From: Jonathan Schleifer
- Re: NetBSD's libbz2 affected by this?
  - From: Brian A. Seklecki
- Re: NetBSD's libbz2 affected by this?
  - From: Jonathan Schleifer

Prev by Date: 4.0_STABLE soft reboot hangs on PowerEdge 2550
Next by Date: Re: NIC timeouts since upgrade to 4.0
Previous by Thread: Re: NetBSD's libbz2 affected by this?
Next by Thread: Re: NetBSD's libbz2 affected by this?
Indexes:

Home | Main Index | Thread Index | Old Index