USN-4038-4

Source
https://ubuntu.com/security/notices/USN-4038-4
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4038-4.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-4038-4
Related
Published
2019-07-04T15:48:25.645766Z
Modified
2019-07-04T15:48:25.645766Z
Summary
bzip2 regression
Details

USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrectly raise CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

We apologize for the inconvenience.

Original advisory details:

It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

References

Affected packages

Ubuntu:14.04:LTS / bzip2

Package

Name
bzip2
Purl
pkg:deb/ubuntu/bzip2?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-5ubuntu0.1~esm2

Affected versions

1.*

1.0.6-4
1.0.6-5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "bzip2"
        },
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "bzip2-doc"
        },
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "lib32bz2-1.0"
        },
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "lib32bz2-dev"
        },
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "lib64bz2-1.0"
        },
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "libbz2-dev"
        },
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "lib64bz2-dev"
        },
        {
            "binary_version": "1.0.6-5ubuntu0.1~esm2",
            "binary_name": "libbz2-1.0"
        }
    ]
}