=========================================================== Ubuntu Security Notice USN-590-1 March 24, 2008 bzip2 vulnerability CVE-2008-1372 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libbz2-1.0 1.0.3-0ubuntu2.1 Ubuntu 6.10: libbz2-1.0 1.0.3-3ubuntu0.1 Ubuntu 7.04: libbz2-1.0 1.0.3-6ubuntu0.1 Ubuntu 7.10: libbz2-1.0 1.0.4-0ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1.diff.gz Size/MD5: 72067 9b73f1a1cbea8f8e7dfba9b0cd358bf3 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1.dsc Size/MD5: 833 180fa43bfd8645b2a0c353b8927961c4 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3.orig.tar.gz Size/MD5: 669075 8a716bebecb6e647d2e8a29ea5d8447f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_amd64.deb Size/MD5: 268000 b9532e26529bda8991e97cd819544aba http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.3-0ubuntu2.1_amd64.deb Size/MD5: 38388 baf7e58f129b30288d0cf1f76df39255 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.3-0ubuntu2.1_amd64.deb Size/MD5: 30688 1c98274562642c9a3dee9bb91c070b5a http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_amd64.deb Size/MD5: 40978 b904382cd76c9ffcd0dc92a5c3219a1a http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_amd64.deb Size/MD5: 32500 f6bf61f94fc0b4351fd79532df9025b1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_i386.deb Size/MD5: 265034 71b410100340e0df581c1dd8b5dfe316 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-0ubuntu2.1_i386.deb Size/MD5: 35690 ad14744ff24eb1decb20995a7a9bbeb1 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-0ubuntu2.1_i386.deb Size/MD5: 29518 a835eb9af19b2c045393c8c4c483f51c http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_i386.deb Size/MD5: 43012 4407f311343b9ca791aabf98bfdcd751 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_i386.deb Size/MD5: 32564 1b4dbd9a480cf4515cd7a7b64e1c215b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_powerpc.deb Size/MD5: 268616 c397d3782a2b937a84f05d39bbe0666d http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-0ubuntu2.1_powerpc.deb Size/MD5: 39518 5dc92398adb2a55977e4aa395062deac http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-0ubuntu2.1_powerpc.deb Size/MD5: 33064 d8d02ff467de3cb1aa966d01d55bff63 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_powerpc.deb Size/MD5: 43586 2c0696f8499181a13ca2c4a019972b9f http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_powerpc.deb Size/MD5: 33864 60dde6ba6b87d7bb261e04dfe1a89560 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-0ubuntu2.1_sparc.deb Size/MD5: 266558 69f664880f5c2d982a7906c21d01b60d http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-0ubuntu2.1_sparc.deb Size/MD5: 37524 1cc8f48aa7130c5d6523aa9be202b1d5 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-0ubuntu2.1_sparc.deb Size/MD5: 31480 9a826b5230f20fe079150562ab96d427 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-0ubuntu2.1_sparc.deb Size/MD5: 40510 3a5787038eb631638918245f0ecb0460 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-0ubuntu2.1_sparc.deb Size/MD5: 32010 7a05d5fe1e1b4a90dfef111e01e6c661 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1.diff.gz Size/MD5: 72910 f0ee43d65ceafedcfb89e84d7a6a84b5 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1.dsc Size/MD5: 887 6dbabc13e388138fc8bd271f7c521218 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3.orig.tar.gz Size/MD5: 669075 8a716bebecb6e647d2e8a29ea5d8447f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_amd64.deb Size/MD5: 268466 ba96d43b05d0f4d70d0693b8ec6dc45a http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.3-3ubuntu0.1_amd64.deb Size/MD5: 36484 54ac11540a1f9ebeb2e8207581565b27 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.3-3ubuntu0.1_amd64.deb Size/MD5: 29258 61502f1c1dd54ece6a210c4a27aa841f http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_amd64.deb Size/MD5: 41320 ec4c49a63283a2ce8961549ef884b32c http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_amd64.deb Size/MD5: 32404 884923c398c46a105597a07231e40dfc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_i386.deb Size/MD5: 265994 2cf7a465438cba563663bac727eb0171 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-3ubuntu0.1_i386.deb Size/MD5: 35976 be6b7111e0b6ab34d4f59fd3c3ef79c2 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-3ubuntu0.1_i386.deb Size/MD5: 29390 996172c9d38f0f74eb9b7636cb50e4a9 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_i386.deb Size/MD5: 41724 5eb28101d70842d52add63c4ded3a78b http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_i386.deb Size/MD5: 32130 6669754e7924ae13e0c78549585dab68 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_powerpc.deb Size/MD5: 269554 dce122e34946819b3aca55663958689e http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-3ubuntu0.1_powerpc.deb Size/MD5: 41886 80c1da7a792929a6a2f913a79d07e871 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-3ubuntu0.1_powerpc.deb Size/MD5: 34972 2f7ebbbcc7b471a6521989acca861c23 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_powerpc.deb Size/MD5: 45914 61ee3716c49ef08178b99228a00660d7 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_powerpc.deb Size/MD5: 35752 b21e379f844f57083ec6fa72b4f21926 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-3ubuntu0.1_sparc.deb Size/MD5: 267394 3248ae0bb35ad6d238df41eb18d5631b http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-3ubuntu0.1_sparc.deb Size/MD5: 40442 2c936325437b86c1cffed94af70b5967 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-3ubuntu0.1_sparc.deb Size/MD5: 33844 b20b3fa3e3272b6dfd8e81cd01d1376e http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-3ubuntu0.1_sparc.deb Size/MD5: 41908 cae6101436671a4ec22079d19c5073f3 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-3ubuntu0.1_sparc.deb Size/MD5: 33130 97a7d92dc65a87ab27fd35148ef2b601 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1.diff.gz Size/MD5: 73260 fd44facd77b9d5c8ee403c87956959d3 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1.dsc Size/MD5: 998 a0e1544931745cc9219b440f5a50ed33 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3.orig.tar.gz Size/MD5: 669075 8a716bebecb6e647d2e8a29ea5d8447f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_amd64.deb Size/MD5: 269010 7fd27a00599be078eaa69431b3427614 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.3-6ubuntu0.1_amd64.deb Size/MD5: 37204 a302c00544f28f77748248d2947967e3 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.3-6ubuntu0.1_amd64.deb Size/MD5: 29296 1291a663855bfca22a9a7730a6445982 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_amd64.deb Size/MD5: 41938 53509b290d6b38e9fd1ce3c70e5815ef http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_amd64.deb Size/MD5: 32416 7242fc55f28d1c7982a22e6797e29642 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_i386.deb Size/MD5: 266466 29d5d61cc8ec2d32b84475e5624a5e1e http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-6ubuntu0.1_i386.deb Size/MD5: 36576 f850663d1ae752357646bbe40b049f8c http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-6ubuntu0.1_i386.deb Size/MD5: 29392 b447037b639fd00b97c2c9caae277da3 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_i386.deb Size/MD5: 42306 8f14ca607c277581f7b3ae84b4716ab4 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_i386.deb Size/MD5: 32098 db5b00b2ca199be08e13a306803b91c2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_powerpc.deb Size/MD5: 271630 86e6f57b81c780aee0b2bd91e5429e10 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-6ubuntu0.1_powerpc.deb Size/MD5: 42422 f75ff05ab027e94f0a24fbd7634f4a57 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-6ubuntu0.1_powerpc.deb Size/MD5: 34918 8d5a7b0b94806d8e405a03a92d61f68d http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_powerpc.deb Size/MD5: 47436 2e371d647ff08833e0108718e7a216e5 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_powerpc.deb Size/MD5: 35706 0bdaa4e65a73f0b2b54a54847e69d734 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.3-6ubuntu0.1_sparc.deb Size/MD5: 268298 16d932810a4f43245341394cedb3a99c http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.3-6ubuntu0.1_sparc.deb Size/MD5: 41354 cb83e7203ce37dbd8b26de9533e5acbb http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.3-6ubuntu0.1_sparc.deb Size/MD5: 33992 754e583ecd06426b9a7ceb64e0c8454b http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.3-6ubuntu0.1_sparc.deb Size/MD5: 42488 a7aa7db5f92553b7cfc386e62a408f5a http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.3-6ubuntu0.1_sparc.deb Size/MD5: 32994 56b05fbc008a7e8c07d96eca551d3688 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1.diff.gz Size/MD5: 72929 d71a1950e9b6665ca07da25d3e70d377 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1.dsc Size/MD5: 941 d5800a50a383b6643ffc1f394c6130bc http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4.orig.tar.gz Size/MD5: 841221 fc310b254f6ba5fbb5da018f04533688 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2-doc_1.0.4-0ubuntu2.1_all.deb Size/MD5: 327412 cba2f8043e206d019796dfc9083a57d4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_amd64.deb Size/MD5: 46802 ed4ea9c52fa96cae4ef7acf6a6f60a23 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-1.0_1.0.4-0ubuntu2.1_amd64.deb Size/MD5: 37354 adffef220c30bd947f7784c897dd2e79 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib32bz2-dev_1.0.4-0ubuntu2.1_amd64.deb Size/MD5: 29040 4886f1c7781b656bbbc4955a7e191a44 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_amd64.deb Size/MD5: 42808 289a6459e679b9c53249d7d47e7effd7 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_amd64.deb Size/MD5: 31674 7e831b49cf92a1f7e60cefb1c50a88ae i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_i386.deb Size/MD5: 44742 e2f6842369c8bbe0388d43d282abdd30 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.4-0ubuntu2.1_i386.deb Size/MD5: 36912 14499394e7099fe7c0110a1326d63205 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.4-0ubuntu2.1_i386.deb Size/MD5: 29542 add7aacd22dadeb234856b9f9a0ec414 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_i386.deb Size/MD5: 43094 e19195eb92daaa687cb2072672201c25 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_i386.deb Size/MD5: 30954 040a5868fb8a016e08e5dd9e5ec1a446 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_powerpc.deb Size/MD5: 49208 b2898aa7fa213ae0774bce2e2d3758fc http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.4-0ubuntu2.1_powerpc.deb Size/MD5: 42660 434f7394c2ea5b9cc10e0bee2873a516 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.4-0ubuntu2.1_powerpc.deb Size/MD5: 34944 a79290347970fc38d55f63012b210470 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_powerpc.deb Size/MD5: 48154 81516aa253c227097cf57ac526061ee5 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_powerpc.deb Size/MD5: 34782 207352da7d6f414dbb20eb449f279ebc sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.4-0ubuntu2.1_sparc.deb Size/MD5: 46304 681bcace6d88ba3dad0a9611fd38aa82 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-1.0_1.0.4-0ubuntu2.1_sparc.deb Size/MD5: 41586 e5885183ba0d1ff58bbdef629741883c http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/lib64bz2-dev_1.0.4-0ubuntu2.1_sparc.deb Size/MD5: 34102 0ab8ccc082f6f675ed2f81865aa9f51b http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-1.0_1.0.4-0ubuntu2.1_sparc.deb Size/MD5: 43444 2ff7c281c9b4864bb5a63724dd637e73 http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/libbz2-dev_1.0.4-0ubuntu2.1_sparc.deb Size/MD5: 32148 5c3c764e38985ea2225440dcad7a7c13