ELA-855-1 bzip2 security update

out-of-bounds write

Version1.0.6-8.1+deb9u1 (stretch)
Related CVEs CVE-2019-12900

A vulnerability has been fixed in bzip2, a high-quality block-sorting file compressor. CVE-2019-12900 is a out-of-bounds write when using a crafted compressed file.

This vulnerability was fixed in Debian Jessie, with bzip2 version 1.0.6-4+deb7u1

For Debian 9 stretch, these problems have been fixed in version 1.0.6-8.1+deb9u1.

We recommend that you upgrade your bzip2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.