SM wrote: > At 01:11 05-09-2008, Tilman Schmidt wrote: > >> But even a manual "yum update" finds nothing to update. I cannot >> imagine Redhat/CentOS neglecting to provide a patch for that >> > > Why not? :-) > > The response was that "this issue can only result in a crash of the > bunzip2 process, which we do not consider to have any security impact." > > >> vulnerability, so I am probably doing something wrong. But what? >> > > You are not doing anything wrong. Get a newer version of bzip2. > > Regards, > -sm > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > > More info can be found here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1372 https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html redhat didn't patch it. Their latest version appears to be from 2005 - per the date on the file. -- Roberto Ullfig - [EMAIL PROTECTED] _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
