CVE-2016-3189

Related Files

FreeBSD Security Advisory - FreeBSD-SA-19:18.bzip2

Posted Aug 6, 2019

Site security.freebsd.org

FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

tags | advisory, arbitrary

systems | freebsd

advisories | CVE-2016-3189, CVE-2019-12900

MD5 | 76087cf6669372fbf8909cd8f5d7ed6d

Download | Favorite | View

Slackware Security Advisory - bzip2 Updates

Posted Jul 15, 2019

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory

systems | linux, slackware

advisories | CVE-2016-3189, CVE-2019-12900

MD5 | 529e61d54f5a81c0fcc0113d9dbe7905

Download | Favorite | View

Ubuntu Security Notice USN-4038-2

Posted Jun 26, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability

systems | linux, ubuntu

advisories | CVE-2016-3189, CVE-2019-12900

MD5 | 610ea72a3982c8d072115331d4bbdebf

Download | Favorite | View

Ubuntu Security Notice USN-4038-1

Posted Jun 26, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2016-3189, CVE-2019-12900

MD5 | be01cc6c68e2aabce92f73ab71fd60d9

Download | Favorite | View

Gentoo Linux Security Advisory 201708-08

Posted Aug 22, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201708-8 - An use-after-free vulnerability has been found in bzip2 that could allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.6-r8 are affected.

tags | advisory, remote, denial of service

systems | linux, gentoo

advisories | CVE-2016-3189

MD5 | a3fe97f23a6c95ac0784ee8c435b368b

Download | Favorite | View