INFSA-2025:0733: bzip2 security update
Information about definition
Identificator: INFSA-2025:0733
Type: security
Release date: 2025-03-05 17:08:49 UTC
Information about package
The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs.
Vulnerabilities description
- CVE-2019-12900
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. Bug Fix * Recent bzip2 RHEL8 update breaks data integrity tests.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2019-12900
|
no information | 3.3 | no information |
Updated packages