An update for bzip2 is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2786 Final 1.0 1.0 2026-06-24 Initial 2026-06-24 2026-06-24 openEuler SA Tool V1.0 2026-06-24 bzip2 security update An update for bzip2 is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4 bzip2 is a freely available, patent free, high-quality data compressor. It typically compresses files to within 10% to 15% of the best available techniques (the PPM family of statistical compressors), whilst being around twice as fast at compression and six times faster at decompression. Security Fix(es): bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67(CVE-2026-42250) An update for bzip2 is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium bzip2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2786 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42250 https://nvd.nist.gov/vuln/detail/CVE-2026-42250 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 bzip2-1.0.8-9.oe2403sp1.aarch64.rpm bzip2-debuginfo-1.0.8-9.oe2403sp1.aarch64.rpm bzip2-debugsource-1.0.8-9.oe2403sp1.aarch64.rpm bzip2-devel-1.0.8-9.oe2403sp1.aarch64.rpm bzip2-1.0.8-9.oe2403sp3.aarch64.rpm bzip2-debuginfo-1.0.8-9.oe2403sp3.aarch64.rpm bzip2-debugsource-1.0.8-9.oe2403sp3.aarch64.rpm bzip2-devel-1.0.8-9.oe2403sp3.aarch64.rpm bzip2-1.0.8-7.oe2003sp4.aarch64.rpm bzip2-debuginfo-1.0.8-7.oe2003sp4.aarch64.rpm bzip2-debugsource-1.0.8-7.oe2003sp4.aarch64.rpm bzip2-devel-1.0.8-7.oe2003sp4.aarch64.rpm bzip2-1.0.8-7.oe2203sp4.aarch64.rpm bzip2-debuginfo-1.0.8-7.oe2203sp4.aarch64.rpm bzip2-debugsource-1.0.8-7.oe2203sp4.aarch64.rpm bzip2-devel-1.0.8-7.oe2203sp4.aarch64.rpm bzip2-1.0.8-9.oe2403sp1.src.rpm bzip2-1.0.8-9.oe2403sp3.src.rpm bzip2-1.0.8-7.oe2003sp4.src.rpm bzip2-1.0.8-7.oe2203sp4.src.rpm bzip2-1.0.8-9.oe2403sp1.x86_64.rpm bzip2-debuginfo-1.0.8-9.oe2403sp1.x86_64.rpm bzip2-debugsource-1.0.8-9.oe2403sp1.x86_64.rpm bzip2-devel-1.0.8-9.oe2403sp1.x86_64.rpm bzip2-1.0.8-9.oe2403sp3.x86_64.rpm bzip2-debuginfo-1.0.8-9.oe2403sp3.x86_64.rpm bzip2-debugsource-1.0.8-9.oe2403sp3.x86_64.rpm bzip2-devel-1.0.8-9.oe2403sp3.x86_64.rpm bzip2-1.0.8-7.oe2003sp4.x86_64.rpm bzip2-debuginfo-1.0.8-7.oe2003sp4.x86_64.rpm bzip2-debugsource-1.0.8-7.oe2003sp4.x86_64.rpm bzip2-devel-1.0.8-7.oe2003sp4.x86_64.rpm bzip2-1.0.8-7.oe2203sp4.x86_64.rpm bzip2-debuginfo-1.0.8-7.oe2203sp4.x86_64.rpm bzip2-debugsource-1.0.8-7.oe2203sp4.x86_64.rpm bzip2-devel-1.0.8-7.oe2203sp4.x86_64.rpm bzip2-help-1.0.8-9.oe2403sp1.noarch.rpm bzip2-help-1.0.8-9.oe2403sp3.noarch.rpm bzip2-help-1.0.8-7.oe2003sp4.noarch.rpm bzip2-help-1.0.8-7.oe2203sp4.noarch.rpm bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 2026-06-24 CVE-2026-42250 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 Medium 4.8 AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N bzip2 security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2786