CVE-2011-4089

NameCVE-2011-4089
DescriptionThe bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs632862

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bzip2 (PTS)jessie, jessie (lts)1.0.6-7+deb8u2fixed
stretch (lts), stretch1.0.6-8.1+deb9u1fixed
buster (security), buster, buster (lts)1.0.6-9.2~deb10u2fixed
bullseye1.0.8-4fixed
bookworm1.0.8-5fixed
sid, trixie1.0.8-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bzip2sourcesqueeze1.0.5-6+squeeze1
bzip2source(unstable)1.0.6-1low632862

Notes

[lenny] - bzip2 <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems