ASA-2019-00507 – FreeBSD: Multiple vulnerabilities in bzip2


Allele Security Alert

Identifier(s)

ASA-2019-00507, FreeBSD-SA-19:18.bzip2

Title

Multiple vulnerabilities in bzip2

Vendor(s)

The FreeBSD Project

Product(s)

FreeBSD

Affected version(s)

All supported versions of FreeBSD

Fixed version(s)

2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE)
2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9)
2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE)
2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2)
2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13)
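
A way to compare a host's userland against the release patch levels listed above, as an added example that is not part of the FreeBSD advisory or of this alert. The function name check_bzip2_sa is hypothetical; releases not listed above are reported as unknown rather than guessed, and STABLE branches, which carry no patch level, are flagged for a manual comparison against the correction dates.

```shell
#!/bin/sh
# Added example: classify a FreeBSD version string against the patch levels
# listed under "Fixed version(s)" for FreeBSD-SA-19:18.bzip2.
# check_bzip2_sa is a hypothetical helper name, not a FreeBSD tool.

check_bzip2_sa() {
    ver=$1
    case "$ver" in
        *-STABLE*)
            # STABLE has no patch level: compare the build against the
            # correction dates / revisions by hand.
            echo "check-manually"; return 0 ;;
    esac
    release=${ver%%-*}                     # "12.0" from "12.0-RELEASE-p8"
    case "$ver" in
        *-RELEASE-p*) plevel=${ver##*-p} ;;  # "8" from "12.0-RELEASE-p8"
        *-RELEASE)    plevel=0 ;;            # unpatched release
        *)            echo "unknown"; return 0 ;;
    esac
    case "$plevel" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;  # malformed patch level
    esac
    case "$release" in
        12.0) fixed=9 ;;    # 12.0-RELEASE-p9
        11.3) fixed=2 ;;    # 11.3-RELEASE-p2
        11.2) fixed=13 ;;   # 11.2-RELEASE-p13
        *)    echo "unknown"; return 0 ;;         # not listed in this alert
    esac
    if [ "$plevel" -ge "$fixed" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# bzip2 lives in userland, so the installed userland version is what matters.
if command -v freebsd-version >/dev/null 2>&1; then
    v=$(freebsd-version -u)
    printf '%s: %s\n' "$v" "$(check_bzip2_sa "$v")"
fi
```

Jails and other separate userland trees have their own patch level and need the same check run inside each of them.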

Proof of concept

Unknown

Description

The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file.

bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file.

An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code.

Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

Technical details

Unknown

Credits

Unknown

Reference(s)

FreeBSD-SA-19:18.bzip2.asc
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc

bzip2.patch
https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch

bzip2.patch.asc
https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch.asc

[base] Revision 349717
https://svnweb.freebsd.org/base?view=revision&revision=r349717

[base] Revision 350643
https://svnweb.freebsd.org/base?view=revision&revision=r350643

[base] Revision 349718
https://svnweb.freebsd.org/base?view=revision&revision=r349718

CVE-2016-3189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189

CVE-2016-3189
https://nvd.nist.gov/vuln/detail/CVE-2016-3189

CVE-2019-12900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900

CVE-2019-12900
https://nvd.nist.gov/vuln/detail/CVE-2019-12900

Last modified: December 4, 2019