Source | Text Version

QSN-4038-3: bzip2 regression

July 4, 2019

Summary

USN-4038-1 introduced a regression in bzip2.

Details

USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files.

We apologize for the inconvenience.

Original advisory details:

It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

References

https://usn.ubuntu.com/4038-3

https://usn.ubuntu.com/4038-1

https://launchpad.net/bugs/1834494

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l bzip2

If the current version you have is before 1.0.6-8ubuntu0.2, run the following:

$ sudo apt-get update
$ sudo apt-get install bzip2

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l libbz2-1.0

If the current version you have is before 1.0.6-8ubuntu0.2, run the following:

$ sudo apt-get update
$ sudo apt-get install libbz2-1.0

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.