USN-5840-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5840-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5840-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-5840-1

Related

Published

2023-02-02T13:36:09.142109Z

Modified

2023-02-02T13:36:09.142109Z

Summary

lrzip vulnerabilities

Details

It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467)

It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347)

It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2022-26291)

It was discovered that Long Range ZIP incorrectly handled memory allocation, which could lead to a heap memory corruption. An attacker could possibly use this issue to cause denial of service. This issue affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-28044)

References

Affected packages

Ubuntu:Pro:14.04:LTS / lrzip

Package

Name: lrzip
Purl: pkg:deb/ubuntu/lrzip@0.616-1ubuntu0.1~esm2?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.616-1ubuntu0.1~esm2

Affected versions

0.*

0.608-2

0.616-1

0.616-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.616-1ubuntu0.1~esm2",
            "binary_name": "lrzip"
        },
        {
            "binary_version": "0.616-1ubuntu0.1~esm2",
            "binary_name": "lrzip-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / lrzip

Package

Name: lrzip
Purl: pkg:deb/ubuntu/lrzip@0.621-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.621-1ubuntu0.1~esm2

Affected versions

0.*

0.621-1

0.621-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.621-1ubuntu0.1~esm2",
            "binary_name": "lrzip"
        },
        {
            "binary_version": "0.621-1ubuntu0.1~esm2",
            "binary_name": "lrzip-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / lrzip

Package

Name: lrzip
Purl: pkg:deb/ubuntu/lrzip@0.631-1+deb9u3build0.18.04.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.631-1+deb9u3build0.18.04.1

Affected versions

0.*

0.631-1

0.631-1+deb9u1build0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.631-1+deb9u3build0.18.04.1",
            "binary_name": "lrzip"
        },
        {
            "binary_version": "0.631-1+deb9u3build0.18.04.1",
            "binary_name": "lrzip-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / lrzip

Package

Name: lrzip
Purl: pkg:deb/ubuntu/lrzip@0.631+git180528-1+deb10u1build0.20.04.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.631+git180528-1+deb10u1build0.20.04.1

Affected versions

0.*

0.631+git180528-1

0.631+git180528-1build1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.631+git180528-1+deb10u1build0.20.04.1",
            "binary_name": "lrzip"
        },
        {
            "binary_version": "0.631+git180528-1+deb10u1build0.20.04.1",
            "binary_name": "lrzip-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / lrzip

Package

Name: lrzip
Purl: pkg:deb/ubuntu/lrzip@0.651-2ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.651-2ubuntu0.22.04.1

Affected versions

0.*

0.641-1

0.651-2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.651-2ubuntu0.22.04.1",
            "binary_name": "lrzip"
        },
        {
            "binary_version": "0.651-2ubuntu0.22.04.1",
            "binary_name": "lrzip-dbgsym"
        }
    ]
}