Security update for BZIP2
Knowledgebase
(Last modified: 29JUL2002)
solutions Security update for BZIP2 SuSE Linux Maintenance Web (6e8cc5a72d3d746459f4f497b93e7d55)
SuSE Linux Admin-CD for Firewall
SuSE Linux Enterprise Server 7 for IBM zSeries
SuSE eMail Server III
SuSE Linux Enterprise Server 7 for PowerPC
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Enterprise Server 7 for IA64
SuSE Linux Enterprise Server 7 for S/390 and zSeries
SuSE Linux Enterprise Server for S/390
SuSE eMail Server 3.1
SuSE Linux Office Server
SuSE Firewall Adminhost VPN
SuSE Linux Connectivity Server
Package: bzip
Release: 20020729
Obsoletes: none
bzip2
utility:When decompressing archive the utility failed to use the
O_EXCL
flag which could lead to the utility overwriting files without warning.In addition the utility did not securely create new files causing a race condition between creating the file and setting the correct permissions.
When compressing a file pointed to by a symbolic link, the
bzip2
utility incorrectly stored the permissions of the symbolic link instead of the file. This may result in potentially
lax file permissions (
rwxr-xr-x
), causing the decompressed file to beworld-readable.
rpm -Uvh bzip.rpm
Download Source Packages
Download the source code of the patches for maintained products.
Disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.