Sicherheit: Ausführen beliebiger Kommandos in bzip2 (Aktualisierung)

Lesezeichen hinzufügen

--===============3697869830419955617==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="da4uJneut+ArUgXk"
Content-Disposition: inline

--da4uJneut+ArUgXk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4038-4
July 04, 2019

bzip2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

USN-4038-1 introduced a regression in bzip2.

Software Description:
- bzip2: high-quality block-sorting file compressor - utilities

Details:

USN-4038-1 fixed a vulnerability in bzip2. The update introduced
a regression causing bzip2 to incorrect raises CRC errors for some
files. This update provides the corresponding update for Ubuntu 12.04 ESM and
14.04 ESM.

We apologize for the inconvenience.

Original advisory details:

It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
bzip2 1.0.6-5ubuntu0.1~esm2
lib32bz2-1.0 1.0.6-5ubuntu0.1~esm2
lib64bz2-1.0 1.0.6-5ubuntu0.1~esm2
libbz2-1.0 1.0.6-5ubuntu0.1~esm2

Ubuntu 12.04 ESM:
bzip2 1.0.6-1ubuntu0.2
lib32bz2-1.0 1.0.6-1ubuntu0.2
lib64bz2-1.0 1.0.6-1ubuntu0.2
libbz2-1.0 1.0.6-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4038-4
https://usn.ubuntu.com/4038-1
https://launchpad.net/bugs/1834494

--da4uJneut+ArUgXk
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJdHimbAAoJEEW851uECx9p4v4P/jxTXVksFNbvDyQ1K3MwpfRL
JBNWje7attD9Hlcyd/mC+TaCz0jL1VzdaU8mgP2n3ofNIjtLAYNKTMPI57NGpOTN
K9O4EASX5p1BMzoj84CivRmU9ozjoFNqzCMPXPkUQwJyNKB/sfqYF0ooKtYY2NxZ
bZYRhEesmjVQxGgOA2cZFm1SFoKQge4ktbEzGWDDwsOjWFhLXiQ3zsOnQssHtd8I
ssdmwb8bREJJStjHm6cvXaGW8+BGWZeUfJWf2wSzVpXFyK9uQZVhKnX/hjfwoZdP
aQMyj4F/Gonm1uOajDohwmI2QQNrZxlj26fPsLMPSDFQnvdDEpiA82nV9Ymhhb09
4KHNuqlzvwH2oDGcev55txUlgvZziBw794ZgJomXEAg7nMpZm8dxrq1kEo5LkgGk
58S5NIycRxR1zlYXl8SpAMWHJKUnrlG3eY+JFcoldzeVsEzfsvnVvK/nY5MSNkF0
/g405MLuD3qKfNLmSsQfU8axoMkr2jvvI959kN6fak5q9LMk2IIy0boqlqU2EoUH
NYR1tC4WoIcOe+PW0cGCmVpVwcPW2oEU03jSKG9xdHPHvHomWBAG3Do4Vc7bXduI
i8wFgP0Q9GIjL/Xj6O+2dUw5zHTLsL19oe1A+8XUNq9uEyP7kV5/udBTQPlDufmb
hhnkTpT64vbxmMLuRuSL
=n7Wr
-----END PGP SIGNATURE-----

--da4uJneut+ArUgXk--

--===============3697869830419955617==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce