Release date:
Updated on:
Affected Systems:
Apache Group Commons Compress 1.4
Apache Group Commons Compress 1.0
Apache Group Ant 1.8.3
Apache Group Ant 1.6.2
Apache Group Ant 1.5
Unaffected system:
Apache Group Commons Compress 1.4.1
Apache Group Ant 1.8.4
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53676
Cve id: CVE-2012-2098
The Apache Commons Compress library defines an API that can process ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200, and bzip2 files. Apache Ant is a tool that automates software compilation, testing, deployment, and other steps. It is mostly used for software development in the Java environment.
Apache Commons Compress versions earlier than 1.4.1 have a security vulnerability when using bzip2 to Compress files. You can use this vulnerability to consume system resources by sending specially crafted files of the BZip2CompressorOutputStream class, resulting in DOS.
<* Source: David Jorm
Link: http://secunia.com/advisories/49286/
Http://commons.apache.org/compress/security.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
For this reason, Apache Group has released a Security Bulletin (Fixed in Apache Commons Compress 1.4.1) and corresponding patches:
Fixed in Apache Commons Compress 1.4.1: Reporting New Security Problems with Apache Commons Compress
Link: http://commons.apache.org/compress/security.html
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
