Problem Description
Two problems have been discovered relating to the
extraction of bzip2-compressed files. First, a carefully
constructed invalid bzip2 archive can cause bzip2 to enter
an infinite loop. Second, when creating a new file, bzip2
closes the file before setting its permissions.
Impact
The first problem can cause bzip2 to extract a bzip2
archive to an infinitely large file. If bzip2 is used in
automated processing of untrusted files this could be
exploited by an attacker to create a denial-of-service
situation by exhausting disk space or by consuming all
available CPU time.
The second problem can allow a local attacker to change the
permissions of local files owned by the user executing bzip2
provided that they have write access to the directory in
which the file is being extracted.
Workaround
Do not uncompress bzip2 archives from untrusted sources and
do not uncompress files in directories where untrusted users
have write access.
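
The second problem comes down to the order of two calls. The sketch below is an added example, not code from bzip2 or from this advisory: it puts the close-then-set-permissions ordering beside a descriptor-based ordering. The function names and the scratch directory are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the output file privately; fail if the name already exists
 * (O_EXCL) or is a symbolic link (O_NOFOLLOW). */
int create_output(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Ordering described in the advisory: close first, then set the mode by
 * name. chmod() resolves the path again, so it acts on whatever the name
 * refers to at that moment, not necessarily the file that was written. */
int finish_by_path(int fd, const char *path, mode_t mode) {
    if (close(fd) != 0) return -1;
    return chmod(path, mode);
}

/* Hardened ordering: set the mode on the open descriptor, then close.
 * fchmod() acts on the file this process created, whatever the directory
 * entry looks like by now. */
int finish_by_fd(int fd, mode_t mode) {
    int rc = fchmod(fd, mode);
    if (close(fd) != 0) return -1;
    return rc;
}

/* Permission bits of a path without following links; -1 on error. */
long mode_of(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 ? (long)(st.st_mode & 07777) : -1L;
}

int main(void) {
    char dir[] = "/tmp/sa-demo-XXXXXX", out[64]; /* constructed scratch dir */
    if (!mkdtemp(dir)) return 1;
    snprintf(out, sizeof out, "%s/out", dir);
    int fd = create_output(out);
    if (fd < 0 || finish_by_fd(fd, 0644) != 0) return 1;
    printf("%s mode %lo\n", out, (unsigned long)mode_of(out));
    unlink(out);
    return rmdir(dir);
}
```

Code that extracts files in shared directories can be audited for the first pattern by looking for chmod(), chown() or utime() calls on a path that follow the close of the same file.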