
Security vulnerabilities in the bzip2 software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4038-2
June 26, 2019

bzip2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in bzip2.

Software Description:
– bzip2: high-quality block-sorting file compressor – utilities

Details:

USN-4038-1 fixed several vulnerabilities in bzip2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-3189)

It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
bzip2 1.0.6-5ubuntu0.1~esm1
lib32bz2-1.0 1.0.6-5ubuntu0.1~esm1
lib64bz2-1.0 1.0.6-5ubuntu0.1~esm1
libbz2-1.0 1.0.6-5ubuntu0.1~esm1

Ubuntu 12.04 ESM:
bzip2 1.0.6-1ubuntu0.1
lib32bz2-1.0 1.0.6-1ubuntu0.1
lib64bz2-1.0 1.0.6-1ubuntu0.1
libbz2-1.0 1.0.6-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4038-2
https://usn.ubuntu.com/4038-1
CVE-2016-3189, CVE-2019-12900

==========================================================================
Ubuntu Security Notice USN-4038-1
June 26, 2019

bzip2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in bzip2.

Software Description:
– bzip2: high-quality block-sorting file compressor – utilities

Details:

Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189)

It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
bzip2 1.0.6-9ubuntu0.19.04
libbz2-1.0 1.0.6-9ubuntu0.19.04

Ubuntu 18.10:
bzip2 1.0.6-9ubuntu0.18.10
libbz2-1.0 1.0.6-9ubuntu0.18.10

Ubuntu 18.04 LTS:
bzip2 1.0.6-8.1ubuntu0.1
libbz2-1.0 1.0.6-8.1ubuntu0.1

Ubuntu 16.04 LTS:
bzip2 1.0.6-8ubuntu0.1
libbz2-1.0 1.0.6-8ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4038-1
CVE-2016-3189, CVE-2019-12900

Package Information:
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.19.04
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.18.10
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8.1ubuntu0.1
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8ubuntu0.1

Author: Toni Vugdelija
CERT ID: NCERT-REF-2019-06-0001-ADV
Source: Adobe