NetBSD-Users archive


Re: NetBSD's libbz2 affected by this?




On Mar 22, 2008, at 10:04 PM, Jonathan Schleifer wrote:

> Just wanted to remind that this is still unfixed, hell, it's not even
> mentioned on the NetBSD security page! It should at least be mentioned
> there since it possibly allows arbitrary code execution! And there are a
> _LOT_ of apps there that use bzip2, it's even used in networking
> applications, which means a remote attacker could take control over the
> user that runs the app! Apps like GnuPG use it, rendering them totally
> useless if private keys can be stolen through this bug!
> It seems like nobody of the devs cares, but this is URGENT! The bug is
> known for too long now and it is assumed that arbitrary code execution
> is likely, it won't take long until someone succeeds in exploiting it if
> it allows arbitrary code execution!

In what way is it unfixed? Two people replied to your original post saying that it has been fixed:
http://mail-index.netbsd.org/netbsd-users/2008/03/18/msg000397.html
http://mail-index.netbsd.org/netbsd-users/2008/03/19/msg000400.html

--
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 31 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA + PL++


