Source | Text Version

QSN-4038-1: bzip2 vulnerabilities

June 26, 2019

Summary

Several security issues were fixed in bzip2.

Details

Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189)

It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900)

References

https://usn.ubuntu.com/4038-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2016-3189

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-12900

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l bzip2

If the current version you have is before 1.0.6-8ubuntu0.1, run the following:

$ sudo apt-get update
$ sudo apt-get install bzip2

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l libbz2-1.0

If the current version you have is before 1.0.6-8ubuntu0.1, run the following:

$ sudo apt-get update
$ sudo apt-get install libbz2-1.0

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.