Ubuntu 6589 Published by

The following updates has been released for Ubuntu Linux:

USN-4038-3: bzip2 regression
USN-4038-4: bzip2 regression
USN-4046-1: Irssi vulnerabilities



USN-4038-3: bzip2 regression


=========================================================================
Ubuntu Security Notice USN-4038-3
July 04, 2019

bzip2 regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-4038-1 introduced a regression in bzip2.

Software Description:
- bzip2: high-quality block-sorting file compressor - utilities

Details:

USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing
bzip2 to incorrect raises CRC errors for some files.

We apologize for the inconvenience.

Original advisory details:

It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
bzip2 1.0.6-9ubuntu0.19.04.1
libbz2-1.0 1.0.6-9ubuntu0.19.04.1

Ubuntu 18.10:
bzip2 1.0.6-9ubuntu0.18.10.1
libbz2-1.0 1.0.6-9ubuntu0.18.10.1

Ubuntu 18.04 LTS:
bzip2 1.0.6-8.1ubuntu0.2
libbz2-1.0 1.0.6-8.1ubuntu0.2

Ubuntu 16.04 LTS:
bzip2 1.0.6-8ubuntu0.2
libbz2-1.0 1.0.6-8ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4038-3
https://usn.ubuntu.com/4038-1
https://launchpad.net/bugs/1834494

Package Information:
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8.1ubuntu0.2
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8ubuntu0.2

USN-4038-4: bzip2 regression


=========================================================================
Ubuntu Security Notice USN-4038-4
July 04, 2019

bzip2 regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

USN-4038-1 introduced a regression in bzip2.

Software Description:
- bzip2: high-quality block-sorting file compressor - utilities

Details:

USN-4038-1 fixed a vulnerability in bzip2. The update introduced
a regression causing bzip2 to incorrect raises CRC errors for some
files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

We apologize for the inconvenience.

Original advisory details:

It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
bzip2 1.0.6-5ubuntu0.1~esm2
lib32bz2-1.0 1.0.6-5ubuntu0.1~esm2
lib64bz2-1.0 1.0.6-5ubuntu0.1~esm2
libbz2-1.0 1.0.6-5ubuntu0.1~esm2

Ubuntu 12.04 ESM:
bzip2 1.0.6-1ubuntu0.2
lib32bz2-1.0 1.0.6-1ubuntu0.2
lib64bz2-1.0 1.0.6-1ubuntu0.2
libbz2-1.0 1.0.6-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4038-4
https://usn.ubuntu.com/4038-1
https://launchpad.net/bugs/1834494

USN-4046-1: Irssi vulnerabilities


=========================================================================
Ubuntu Security Notice USN-4046-1
July 04, 2019

irssi vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Irssi.

Software Description:
- irssi: terminal based IRC client

Details:

It was discovered that Irssi incorrectly handled certain disconnections.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-7054)

It was discovered that Irssi incorrectly handled certain requests.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2019-13045)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
irssi 1.2.0-2ubuntu1.1

Ubuntu 18.10:
irssi 1.1.1-1ubuntu1.2

Ubuntu 18.04 LTS:
irssi 1.0.5-1ubuntu4.2

Ubuntu 16.04 LTS:
irssi 0.8.19-1ubuntu1.9

After a standard system update you need to restart Irssi to make all the necessary changes.

References:
https://usn.ubuntu.com/4046-1
CVE-2018-7054, CVE-2019-13045

Package Information:
https://launchpad.net/ubuntu/+source/irssi/1.2.0-2ubuntu1.1
https://launchpad.net/ubuntu/+source/irssi/1.1.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/irssi/1.0.5-1ubuntu4.2
https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.9