UbuntuUpdates.org

Package "bzip2"

Name: bzip2

Description:

high-quality block-sorting file compressor - utilities

Latest version: 1.0.6-8ubuntu0.2
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.bzip.org/

Other versions of "bzip2" in Xenial

Repository Area Version
base main 1.0.6-8
updates main 1.0.6-8ubuntu0.2

Changelog

Version: 1.0.6-8ubuntu0.2 2019-07-04 15:07:26 UTC

  bzip2 (1.0.6-8ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files to raise
    an incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:27:38 -0300

1834494 latest bzip2 reports crc errors incorrectly
CVE-2019-12900 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Version: 1.0.6-8ubuntu0.1 2019-06-26 14:06:46 UTC

  bzip2 (1.0.6-8ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-3189.patch: add
      a outFile NULL in order to fix a potential use-after-free
      in bzip2/recover.c.
    - CVE-2016-3189
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2019-12900.patch: make sure
      nSelectors is not out of range in decompress.c.
    - CVE-2019-12900

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 24 Jun 2019 15:32:01 -0300

CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, re
CVE-2019-12900 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.


