Summary
The remote host is missing an update to bzip2 announced via advisory DSA 741-1.
Chris Evans discovered that a specially crafted archive can trigger an infinite loop in bzip2, a high-quality block-sorting file compressor.
During decompression this results in an indefinitely growing output file, which will eventually fill up the disk. On systems that automatically decompress bzip2 archives this can cause a denial of service.
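For services that decompress untrusted bzip2 archives automatically, a hard cap on output size bounds the disk-filling effect described above regardless of what the archive contains. The following is an added example, not part of the advisory; the function name `bounded_bunzip2`, the exception class, and the limits are assumptions chosen for illustration.

```python
import bz2
import io


class OutputLimitExceeded(Exception):
    """Raised when decompressed output would exceed the configured cap."""


def bounded_bunzip2(src, dst, max_out, chunk=64 * 1024):
    """Decompress one bzip2 stream from src into dst, writing at most
    max_out bytes. Returns the number of bytes written."""
    dec = bz2.BZ2Decompressor()
    written = 0
    while not dec.eof:
        if dec.needs_input:
            data = src.read(chunk)
            if not data:
                raise EOFError("truncated bzip2 stream")
        else:
            data = b""  # decompressor still holds buffered output
        # Request one byte more than the remaining budget so that an
        # over-limit stream is detected without buffering it in memory.
        out = dec.decompress(data, max_length=min(chunk, max_out - written + 1))
        written += len(out)
        if written > max_out:
            raise OutputLimitExceeded(f"output exceeds {max_out} bytes")
        dst.write(out)
    return written


if __name__ == "__main__":
    # Constructed sample: 5 MB of zero bytes compresses to a tiny archive.
    archive = bz2.compress(b"\0" * 5_000_000)
    sink = io.BytesIO()
    try:
        bounded_bunzip2(io.BytesIO(archive), sink, max_out=1_000_000)
    except OutputLimitExceeded as exc:
        print(f"aborted: {exc}; {sink.tell()} bytes written")
```

The cap complements the package upgrade and does not replace it.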
For the oldstable distribution (woody) this problem has been fixed in version 1.0.2-1.woody5.
Solution
For the stable distribution (sarge) this problem has been fixed in version 1.0.2-7.
For the unstable distribution (sid) this problem has been fixed in version 1.0.2-7.
We recommend that you upgrade your bzip2 package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20741-1
Severity
Classification
CVE: CVE-2005-1260
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P