FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial of service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)), decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.
c0796921394dbd2b07e095dfc85718db5fd86cd3cd5df94e1e8e5e3f050f2c2c
Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
00866bf2e5233b7f677d14e90626aa037c9e605450c8c334a00f345e5e7dcabb
Ubuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
5af3e4ba4c76321d949ac85669ff8c915024913a50dfa3112a979a45608c3dbe
Ubuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
674256554b4a99a71c6d4e0f37049b77acba8fba7440b2a3d70deab7378c171b
Gentoo Linux Security Advisory 201708-8 - A use-after-free vulnerability has been found in bzip2 that could allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.6-r8 are affected.
5253c85b763cf31254a3615b19f2ca67a15a7bef7732e42cd55f6e3f95a14ae1