Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: bzip2 vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service.
Ubuntu Security Notice USN-590-1             March 24, 2008
bzip2 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libbz2-1.0                      1.0.3-0ubuntu2.1

Ubuntu 6.10:
  libbz2-1.0                      1.0.3-3ubuntu0.1

Ubuntu 7.04:
  libbz2-1.0                      1.0.3-6ubuntu0.1

Ubuntu 7.10:
  libbz2-1.0                      1.0.4-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that bzip2 did not correctly handle certain malformed
archives.  If a user or automated system were tricked into processing
a specially crafted bzip2 archive, applications linked against libbz2
could be made to crash, possibly leading to a denial of service.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    72067 9b73f1a1cbea8f8e7dfba9b0cd358bf3
      Size/MD5:      833 180fa43bfd8645b2a0c353b8927961c4
      Size/MD5:   669075 8a716bebecb6e647d2e8a29ea5d8447f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   268000 b9532e26529bda8991e97cd819544aba
      Size/MD5:    38388 baf7e58f129b30288d0cf1f76df39255
      Size/MD5:    30688 1c98274562642c9a3dee9bb91c070b5a
      Size/MD5:    40978 b904382cd76c9ffcd0dc92a5c3219a1a
      Size/MD5:    32500 f6bf61f94fc0b4351fd79532df9025b1

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   265034 71b410100340e0df581c1dd8b5dfe316
      Size/MD5:    35690 ad14744ff24eb1decb20995a7a9bbeb1
      Size/MD5:    29518 a835eb9af19b2c045393c8c4c483f51c
      Size/MD5:    43012 4407f311343b9ca791aabf98bfdcd751
      Size/MD5:    32564 1b4dbd9a480cf4515cd7a7b64e1c215b

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   268616 c397d3782a2b937a84f05d39bbe0666d
      Size/MD5:    39518 5dc92398adb2a55977e4aa395062deac
      Size/MD5:    33064 d8d02ff467de3cb1aa966d01d55bff63
      Size/MD5:    43586 2c0696f8499181a13ca2c4a019972b9f
      Size/MD5:    33864 60dde6ba6b87d7bb261e04dfe1a89560

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   266558 69f664880f5c2d982a7906c21d01b60d
      Size/MD5:    37524 1cc8f48aa7130c5d6523aa9be202b1d5
      Size/MD5:    31480 9a826b5230f20fe079150562ab96d427
      Size/MD5:    40510 3a5787038eb631638918245f0ecb0460
      Size/MD5:    32010 7a05d5fe1e1b4a90dfef111e01e6c661

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:    72910 f0ee43d65ceafedcfb89e84d7a6a84b5
      Size/MD5:      887 6dbabc13e388138fc8bd271f7c521218
      Size/MD5:   669075 8a716bebecb6e647d2e8a29ea5d8447f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   268466 ba96d43b05d0f4d70d0693b8ec6dc45a
      Size/MD5:    36484 54ac11540a1f9ebeb2e8207581565b27
      Size/MD5:    29258 61502f1c1dd54ece6a210c4a27aa841f
      Size/MD5:    41320 ec4c49a63283a2ce8961549ef884b32c
      Size/MD5:    32404 884923c398c46a105597a07231e40dfc

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   265994 2cf7a465438cba563663bac727eb0171
      Size/MD5:    35976 be6b7111e0b6ab34d4f59fd3c3ef79c2
      Size/MD5:    29390 996172c9d38f0f74eb9b7636cb50e4a9
      Size/MD5:    41724 5eb28101d70842d52add63c4ded3a78b
      Size/MD5:    32130 6669754e7924ae13e0c78549585dab68

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   269554 dce122e34946819b3aca55663958689e
      Size/MD5:    41886 80c1da7a792929a6a2f913a79d07e871
      Size/MD5:    34972 2f7ebbbcc7b471a6521989acca861c23
      Size/MD5:    45914 61ee3716c49ef08178b99228a00660d7
      Size/MD5:    35752 b21e379f844f57083ec6fa72b4f21926

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   267394 3248ae0bb35ad6d238df41eb18d5631b
      Size/MD5:    40442 2c936325437b86c1cffed94af70b5967
      Size/MD5:    33844 b20b3fa3e3272b6dfd8e81cd01d1376e
      Size/MD5:    41908 cae6101436671a4ec22079d19c5073f3
      Size/MD5:    33130 97a7d92dc65a87ab27fd35148ef2b601

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:    73260 fd44facd77b9d5c8ee403c87956959d3
      Size/MD5:      998 a0e1544931745cc9219b440f5a50ed33
      Size/MD5:   669075 8a716bebecb6e647d2e8a29ea5d8447f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   269010 7fd27a00599be078eaa69431b3427614
      Size/MD5:    37204 a302c00544f28f77748248d2947967e3
      Size/MD5:    29296 1291a663855bfca22a9a7730a6445982
      Size/MD5:    41938 53509b290d6b38e9fd1ce3c70e5815ef
      Size/MD5:    32416 7242fc55f28d1c7982a22e6797e29642

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   266466 29d5d61cc8ec2d32b84475e5624a5e1e
      Size/MD5:    36576 f850663d1ae752357646bbe40b049f8c
      Size/MD5:    29392 b447037b639fd00b97c2c9caae277da3
      Size/MD5:    42306 8f14ca607c277581f7b3ae84b4716ab4
      Size/MD5:    32098 db5b00b2ca199be08e13a306803b91c2

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   271630 86e6f57b81c780aee0b2bd91e5429e10
      Size/MD5:    42422 f75ff05ab027e94f0a24fbd7634f4a57
      Size/MD5:    34918 8d5a7b0b94806d8e405a03a92d61f68d
      Size/MD5:    47436 2e371d647ff08833e0108718e7a216e5
      Size/MD5:    35706 0bdaa4e65a73f0b2b54a54847e69d734

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   268298 16d932810a4f43245341394cedb3a99c
      Size/MD5:    41354 cb83e7203ce37dbd8b26de9533e5acbb
      Size/MD5:    33992 754e583ecd06426b9a7ceb64e0c8454b
      Size/MD5:    42488 a7aa7db5f92553b7cfc386e62a408f5a
      Size/MD5:    32994 56b05fbc008a7e8c07d96eca551d3688

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:    72929 d71a1950e9b6665ca07da25d3e70d377
      Size/MD5:      941 d5800a50a383b6643ffc1f394c6130bc
      Size/MD5:   841221 fc310b254f6ba5fbb5da018f04533688

  Architecture independent packages:
      Size/MD5:   327412 cba2f8043e206d019796dfc9083a57d4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    46802 ed4ea9c52fa96cae4ef7acf6a6f60a23
      Size/MD5:    37354 adffef220c30bd947f7784c897dd2e79
      Size/MD5:    29040 4886f1c7781b656bbbc4955a7e191a44
      Size/MD5:    42808 289a6459e679b9c53249d7d47e7effd7
      Size/MD5:    31674 7e831b49cf92a1f7e60cefb1c50a88ae

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    44742 e2f6842369c8bbe0388d43d282abdd30
      Size/MD5:    36912 14499394e7099fe7c0110a1326d63205
      Size/MD5:    29542 add7aacd22dadeb234856b9f9a0ec414
      Size/MD5:    43094 e19195eb92daaa687cb2072672201c25
      Size/MD5:    30954 040a5868fb8a016e08e5dd9e5ec1a446

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    49208 b2898aa7fa213ae0774bce2e2d3758fc
      Size/MD5:    42660 434f7394c2ea5b9cc10e0bee2873a516
      Size/MD5:    34944 a79290347970fc38d55f63012b210470
      Size/MD5:    48154 81516aa253c227097cf57ac526061ee5
      Size/MD5:    34782 207352da7d6f414dbb20eb449f279ebc

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    46304 681bcace6d88ba3dad0a9611fd38aa82
      Size/MD5:    41586 e5885183ba0d1ff58bbdef629741883c
      Size/MD5:    34102 0ab8ccc082f6f675ed2f81865aa9f51b
      Size/MD5:    43444 2ff7c281c9b4864bb5a63724dd637e73
      Size/MD5:    32148 5c3c764e38985ea2225440dcad7a7c13

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.6 (GNU/Linux)



--==============I06844667401575970=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

ubuntu-security-announce mailing list
Modify settings or unsubscribe at:

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.