The following updates has been released for Ubuntu Linux:
USN-4038-3: bzip2 regression
USN-4038-4: bzip2 regression
USN-4046-1: Irssi vulnerabilities
USN-4038-3: bzip2 regression
USN-4038-4: bzip2 regression
USN-4046-1: Irssi vulnerabilities
USN-4038-3: bzip2 regression
=========================================================================
Ubuntu Security Notice USN-4038-3
July 04, 2019
bzip2 regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4038-1 introduced a regression in bzip2.
Software Description:
- bzip2: high-quality block-sorting file compressor - utilities
Details:
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing
bzip2 to incorrect raises CRC errors for some files.
We apologize for the inconvenience.
Original advisory details:
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
bzip2 1.0.6-9ubuntu0.19.04.1
libbz2-1.0 1.0.6-9ubuntu0.19.04.1
Ubuntu 18.10:
bzip2 1.0.6-9ubuntu0.18.10.1
libbz2-1.0 1.0.6-9ubuntu0.18.10.1
Ubuntu 18.04 LTS:
bzip2 1.0.6-8.1ubuntu0.2
libbz2-1.0 1.0.6-8.1ubuntu0.2
Ubuntu 16.04 LTS:
bzip2 1.0.6-8ubuntu0.2
libbz2-1.0 1.0.6-8ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4038-3
https://usn.ubuntu.com/4038-1
https://launchpad.net/bugs/1834494
Package Information:
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8.1ubuntu0.2
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8ubuntu0.2
USN-4038-4: bzip2 regression
=========================================================================
Ubuntu Security Notice USN-4038-4
July 04, 2019
bzip2 regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
USN-4038-1 introduced a regression in bzip2.
Software Description:
- bzip2: high-quality block-sorting file compressor - utilities
Details:
USN-4038-1 fixed a vulnerability in bzip2. The update introduced
a regression causing bzip2 to incorrect raises CRC errors for some
files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
We apologize for the inconvenience.
Original advisory details:
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
bzip2 1.0.6-5ubuntu0.1~esm2
lib32bz2-1.0 1.0.6-5ubuntu0.1~esm2
lib64bz2-1.0 1.0.6-5ubuntu0.1~esm2
libbz2-1.0 1.0.6-5ubuntu0.1~esm2
Ubuntu 12.04 ESM:
bzip2 1.0.6-1ubuntu0.2
lib32bz2-1.0 1.0.6-1ubuntu0.2
lib64bz2-1.0 1.0.6-1ubuntu0.2
libbz2-1.0 1.0.6-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4038-4
https://usn.ubuntu.com/4038-1
https://launchpad.net/bugs/1834494
USN-4046-1: Irssi vulnerabilities
=========================================================================
Ubuntu Security Notice USN-4046-1
July 04, 2019
irssi vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Irssi.
Software Description:
- irssi: terminal based IRC client
Details:
It was discovered that Irssi incorrectly handled certain disconnections.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-7054)
It was discovered that Irssi incorrectly handled certain requests.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2019-13045)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
irssi 1.2.0-2ubuntu1.1
Ubuntu 18.10:
irssi 1.1.1-1ubuntu1.2
Ubuntu 18.04 LTS:
irssi 1.0.5-1ubuntu4.2
Ubuntu 16.04 LTS:
irssi 0.8.19-1ubuntu1.9
After a standard system update you need to restart Irssi to make all the necessary changes.
References:
https://usn.ubuntu.com/4046-1
CVE-2018-7054, CVE-2019-13045
Package Information:
https://launchpad.net/ubuntu/+source/irssi/1.2.0-2ubuntu1.1
https://launchpad.net/ubuntu/+source/irssi/1.1.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/irssi/1.0.5-1ubuntu4.2
https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.9
