Allele Security Alert
ASA-2019-00507
Identifier(s)
ASA-2019-00507, FreeBSD-SA-19:18.bzip2
Title
Multiple vulnerabilities in bzip2
Vendor(s)
The FreeBSD Project
Product(s)
FreeBSD
Affected version(s)
All supported versions of FreeBSD
Fixed version(s)
2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE)
2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9)
2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE)
2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2)
2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13)
Proof of concept
Unknown
Description
The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file.
bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file.
An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code.
Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.
Technical details
Unknown
Credits
Unknown
Reference(s)
FreeBSD-SA-19:18.bzip2.asc
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc
bzip2.patch
https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch
bzip2.patch.asc
https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch.asc
[base] Revision 349717
https://svnweb.freebsd.org/base?view=revision&revision=r349717
[base] Revision 350643
https://svnweb.freebsd.org/base?view=revision&revision=r350643
[base] Revision 349718
https://svnweb.freebsd.org/base?view=revision&revision=r349718
CVE-2016-3189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189
CVE-2016-3189
https://nvd.nist.gov/vuln/detail/CVE-2016-3189
CVE-2019-12900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900
CVE-2019-12900
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: December 4, 2019