what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2019-12900

Status Candidate

Overview

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Related Files

Ubuntu Security Notice USN-4146-2
Posted Oct 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4146-2 - USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-12625, CVE-2019-12900
SHA-256 | 21d34e5e97db5f7afce7e5e633c0ef1b7c9232d6c081c9c3e8c1940fbde11743
Ubuntu Security Notice USN-4146-1
Posted Oct 2, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4146-1 - It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-12625, CVE-2019-12900
SHA-256 | 6626f640b9b4bf79b544acc4be006cb9a88088904441d53c2b47e462216e20cc
Clam AntiVirus Toolkit 0.101.4
Posted Aug 21, 2019
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Multiple security vulnerabilities have been addressed in this release.
tags | tool, virus
systems | unix
advisories | CVE-2019-12625, CVE-2019-12900
SHA-256 | 0bf094f0919d158a578421d66bc2569c8c8181233ba162bb51722f98c802bccd
FreeBSD Security Advisory - FreeBSD-SA-19:18.bzip2
Posted Aug 6, 2019
Site security.freebsd.org

FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | c0796921394dbd2b07e095dfc85718db5fd86cd3cd5df94e1e8e5e3f050f2c2c
Slackware Security Advisory - bzip2 Updates
Posted Jul 15, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | 00866bf2e5233b7f677d14e90626aa037c9e605450c8c334a00f345e5e7dcabb
Ubuntu Security Notice USN-4038-2
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | 5af3e4ba4c76321d949ac85669ff8c915024913a50dfa3112a979a45608c3dbe
Ubuntu Security Notice USN-4038-1
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | 674256554b4a99a71c6d4e0f37049b77acba8fba7440b2a3d70deab7378c171b
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close