Diffstat (limited to 'share/security/advisories/FreeBSD-SA-19:18.bzip2.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-19:18.bzip2.asc | 144 |
1 files changed, 0 insertions, 144 deletions
diff --git a/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc b/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc deleted file mode 100644 index fe300211c9..0000000000 --- a/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc +++ /dev/null 
@@ -1,144 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-19:18.bzip2 Security Advisory - The FreeBSD Project - -Topic: Multiple vulnerabilities in bzip2 - -Category: contrib -Module: bzip2 -Announced: 2019-08-06 -Affects: All supported versions of FreeBSD. -Corrected: 2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE) - 2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9) - 2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE) - 2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2) - 2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13) -CVE Name: CVE-2016-3189, CVE-2019-12900 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and -decompress files using an algorithm based on the Burrows-Wheeler transform. -They are generally slower than Lempel-Ziv compressors such as gzip, but -usually provide a greater compression ratio. - -The bzip2recover utility extracts blocks from a damaged bzip2(1) file, -permitting partial recovery of the contents of the file. - -II. Problem Description - -The decompressor used in bzip2 contains a bug which can lead to an -out-of-bounds write when processing a specially crafted bzip2(1) file. - -bzip2recover contains a heap use-after-free bug which can be triggered -when processing a specially crafted bzip2(1) file. - -III. Impact - -An attacker who can cause maliciously crafted input to be processed -may trigger either of these bugs. The bzip2recover bug may cause a -crash, permitting a denial-of-service. The bzip2 decompressor bug -could potentially be exploited to execute arbitrary code. 
- -Note that some utilities, including the tar(1) archiver and the bspatch(1) -binary patching utility (used in portsnap(8) and freebsd-update(8)) -decompress bzip2(1)-compressed data internally; system administrators should -assume that their systems will at some point decompress bzip2(1)-compressed -data even if they never explicitly invoke the bunzip2(1) utility. - -IV. Workaround - -No workaround is available. - -V. Solution - -Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date, -and restart daemons if necessary. - -1) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch -# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch.asc -# gpg --verify bzip2.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the operating system using buildworld and installworld as -described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. - -Restart all daemons that use the library, or reboot the system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. 
- -Branch/path Revision -- ------------------------------------------------------------------------- -stable/12/ r349717 -releng/12.0/ r350643 -stable/11/ r349718 -releng/11.3/ r350643 -releng/11.2/ r350643 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189> -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc> ------BEGIN PGP SIGNATURE----- - -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt09fFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD -MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cJWEQ//dBiFwPCKcUaeSBuM9opVUxWzFYrpWdYwwagQXzNqO3Z77Vi2hHQnfpkD -bM8WgWwChOJmlTja7sjnF+QjoV9/elzYhFrD6q0W1nLZ2XHcXyHrbFLMJ+CrvCWR -AuVCEkmT2fchE/5c71l/v8I452EpGZG7P0fwG1bpf84p1PFLl3esfeo8+CzN1x2h -YLnvfp69/tC18LR0/yozRUuFSqoYBhbnJsclB1JkrGx0fPOcE9y3sudVhBIDbH7h -nYSTJl/KkTHf6tbJVXWUVr5gJzCgGvvhUer49RCdJMAwj6hKYT49vWnOFl1T8DAL -+co0ZzTiKoCdrrrguijh4QTEUe4UAGS3PPAwhUiOu+y8Bry06/U565uO9y9iILef -M5oYTbM7h/TErPxSE421fWeexeK0seCHqmj/rO1Yf7RkRvLg/QaJk5YWM0KoP3NH -QQRdX8qNiy4liEqGvJwfUdNcVXA3d7BKifl6MKH+5/2i5B23wHItIeuIGYo5LgdI -mnH59L5wylhWGa0Dc+N9fP0jFvBfk7/4a0joXYIQ7/KDQg0X+WdiGZ/mzZ4GEisX -hwI2laAh/oyksInrMcLCbvgWql+lrUvK3ltHo17U+wrMeb+8btDLR5T/9XlLPWGp -s101XS6ewcwpZ8g5uBtlFBLmp8BGkALTAJtwwqJ2eoLfLYCXq3I= -=3O6m ------END PGP SIGNATURE----- |
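Review bot: this change deletes share/security/advisories/FreeBSD-SA-19:18.bzip2.asc outright (diffstat: 0 insertions, 144 deletions, "deleted file mode 100644") with no rename or replacement path anywhere in the diff, yet the removed text itself states "The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc>". If the advisory is being relocated, the new location (or a rename hunk) belongs in the same change so that the published URL and the PGP-signed content stay reachable; if it is being retired from this tree, the change should document where the signed advisory is now served from, since the deleted file is the signed record of the CVE-2016-3189 / CVE-2019-12900 correction revisions (r349717, r349718, r350643) that administrators are told to look up.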