-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGO/60oBDADb8Iw1QscMxjlKh+9QZcJ6NQwruJEuvbH4qi6hRKJt3441GR2F
sJRcmGrQOp87R2QdMoRSaifa96QOWLVu740PVq4/ztQkoqyB7yVMxc8L986H79xL
b+pcExy4Rvn++CQyTJ2/L/QEaOzN/Rq8ZCCDLtWUwxYOwYKZCW3Hw1/Fjzs0kpz6
oNlX4jiq76tJmA7vuVCydB9FuuC7/6K7/wUZrm2sHMnQ3JSv3G2vhHI0KANyVPIB
fNGplCqGc3aSRMIJ04KVukuzVPUKeLqkfLydiwdmG/IuS4jpWGL1bSWRPds0W2Ct
/N7hFcStudDlbV36DhGdpMeDxrhLL9aRpeZQro1LGhHHAA4oadE20vk1+9JS2pQC
CjtxxWnyDsC9j5eXN8Gr61yiLorxIRzO37arPVLxFMjafrP0rAweTivWCp2C+BOm
FsNilHHr57pDQOmc3LXDqdz8qqSVHaAK0CEH3YQA5ZUnWDbjj2D8aHcvrwSAk8pl
OxFmmOns8W6p/eEAEQEAAc1BQW1pciBOYXNlcmVkaW5pIChQcml2YXRlIEVtYWls
IEFkZHJlc3MpIDxzYWhuYXNlcmVkaW5pQGdtYWlsLmNvbT7CwRQEEwEKAD4WIQQt
F2HPcpjsUaJwwPxWOD410VO4sgUCY7/sHAIbAwUJA8JnAAULCQgHAwUVCgkICwUW
AgMBAAIeAQIXgAAKCRBWOD410VO4spcWDACioxx6/W7LDOkfKGx741eFLTHjeOR0
RMGL20Qd6cK4pdFjfrHU3PPBXKlZBSAT3JCcPKVE5ecu49Behqnzj4obGPJ0XBwM
hGRWeLhVQhsPmtGYy4irgXsm3+n2xbru9iq5CPobesDam6Z84OZoKDT/7XD5I8C/
ntJ8mD/+v2P4VeQ1iwvO3wAwh0zKna+Bi55mX1neLJj1T3/3+fIRnudclESE+JR0
A6309kotXRPLLse9LOzE8u3uM/zqHoJukc5G2CFbxSsdUE8MP4lQOff54vkb7NkM
hQzDDgvVKXTl5OF+gECHIeR4Dv7yjafLwt+3sDBwWK0HPaf6vvfi227G/urMKCxf
D5VWglvZfm64j0v+/apMUDtmkqw2PxFulJ8iwWA39owP0vH8jNp5YWJASOrNoDXn
nPzbvJLdy2gP59W2n038V59hH7vdA86ywmiWuP0n1pw95UjzkZiYGoaPCLrefiY9
SG5Jp3XoWVGP8mB87FfHTzccm2Dzm6pPbzHNL0FtaXIgTmFzZXJlZGluaSA8YW1p
ci5uYXNlcmVkaW5pQGNhbm9uaWNhbC5jb20+wsEXBBMBCgBBAhsDBQkDwmcABQsJ
CAcDBRUKCQgLBRYCAwEAAh4BAheAFiEELRdhz3KY7FGicMD8Vjg+NdFTuLIFAmO/
7aUCGQEACgkQVjg+NdFTuLJ9WQv/R0lA8yFIZGs2d6f3skai5QBeCGkBNdAatjeP
JNeFATvXbv8tNyXSJqhpQi2mVdNIq4uVdhzxzGbWrFGKcZh+aLNFe6XhqO/dupnm
fhAaCeTFmKlqU2VPbXGznIffK5s4IjEy0+6haF2mDwFokuav+JNFn9REPESQ9sJq
/zWC5LDm8ZzF0+ElPlJS3SrRG+BSx44qFASkbMMvKWj/huwplWOvjED6O8XU91Ii
ydlndFpk6xJE5cu3030R47Szn58z3iXTNWsWBgzVxy3rmr97MniOuLeAKWgK7NqE
TWE9OjG/lLEgtSP5suv/k07oufIAJtaIIjNZTTgyKZKfMaaKoekYCVMpXI6lwiLE
97nw4uQ/7hCi0TOzWVdOlRP58O3f3ATWyGrijn6c/N1CDAABgJvz6nJihS5Vkpc4
3qe8V3zgi173BbEpGcf2nOEMukBV4E4vNviFDNoKoUMNv+jxDiPPCDUJQa/oDxJ4
73KaXIIddyEUw3mqCRZlwtKhisy2zsDNBGO/60oBDACg+zE4kmu2CzeSFHEV/mSi
8P4u/MGN2Orq/pXFcpsN4fI3nsAS1qy7SfSmB8n6x8VZABRTPikznAochiFiD9U7
6tz7xsb5LWVXY+bdPzkMjsdB9UExhbARAiNaAZ1uvUI2YjD5+NVTDEuWpCyoVf7y
qfzth39p70KmdJE32PJC26+a7dV+dZKV7DM+pOH3PW0iXGaokzoO/hfWnIo4EanE
3IxtGG85E/PTxrSs0qDrOcQ9t0RLN0kCHwrjlDaAiN/amB4nx1BQLsUofripb10x
drLXdcGCPeqyNnuDKA++eGxMs4rf/gZqpriZe/c5GOZYOEWf94eyEfY7Ap3iXYhG
3bcNIKxikOY+N8i7CNuaZcFrosK6pGIgzUX3jCxjZpYYfP4CI1AcPPnqIgEWH4qQ
wmaWYNQ8gVQAnF097hKKbLozvKkg5App66v3DdDERKkB1YPPDPAXmQR9RiPUnXxQ
p89wveOLCemuROqq9hWnVTq+d9SElOipRXfY3r2xzTUAEQEAAcLA/AQYAQoAJhYh
BC0XYc9ymOxRonDA/FY4PjXRU7iyBQJjv+tKAhsMBQkDwmcAAAoJEFY4PjXRU7iy
ZSML/iIEflaHoQnViezZwZq0Jjwvy4SljggpUzKiF65aZK7VXd5JHH8J4cCOTJUy
0a4p+g7XMChLMVY8zj4GjnaQ9AG0LT9pvbDPNnFAQ37W8LgoSmaJ9oAo1wYbjoDJ
9wYsfATPveltC04LQ5ODH+R+3AkG15gBEX7lImyNSHabLedrYQUvAcWDo66C4Gwk
k7Q/GgwYteCwRYvG+Rmv1OWcjSZmqWJArk4vwdGuaEWmPsTldTgU0T1jjhny81eI
FYTwAtL175x+ScIhrVuvBpsxV2htrJCOPCPZTYPyd8sXZZgAfhjyAepWAqgONIoJ
Npog1dAZDpUCihQviQ0kzPokaPXKUCahY/hKm+nncKCOR/FB8l2iQHTC6rlDhZ4a
8DSRjElpOJ9Q94aWUuUEQ+7VnwBFFbTClwAo51ejvZ3ZKaEX6lAo4VMchQYpqb6A
FXf9+sS2VJ2HRD1wsHZ2hTLxApu16lVJphpGM90Zc81qc3uXR7fDTi6G0FDzRx0/
PrhDFw==
=grCX
-----END PGP PUBLIC KEY BLOCK-----
==========================================================================
Ubuntu Security Notice USN-5840-1
February 02, 2023
lrzip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Long Range ZIP.
Software Description:
- lrzip: compression program with a very high compression ratio
Details:
It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467)
It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347)
It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2022-26291)
It was discovered that Long Range ZIP incorrectly handled memory allocation,
which could lead to a heap memory corruption. An attacker could possibly use
this issue to cause denial of service. This issue affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10. (CVE-2022-28044)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
lrzip 0.651-2ubuntu0.22.10.1
Ubuntu 22.04 LTS:
lrzip 0.651-2ubuntu0.22.04.1
Ubuntu 20.04 LTS:
lrzip 0.631+git180528-1+deb10u1build0.20.04.1
Ubuntu 18.04 LTS:
lrzip 0.631-1+deb9u3build0.18.04.1
Ubuntu 16.04 ESM:
lrzip 0.621-1ubuntu0.1~esm2
Ubuntu 14.04 ESM:
lrzip 0.616-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5840-1
CVE-2018-5786, CVE-2020-25467, CVE-2021-27345, CVE-2021-27347,
CVE-2022-26291, CVE-2022-28044
Package Information:
https://launchpad.net/ubuntu/+source/lrzip/0.651-2ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/lrzip/0.651-2ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/lrzip/0.631+git180528-1+deb10u1build0.20.04.1
https://launchpad.net/ubuntu/+source/lrzip/0.631-1+deb9u3build0.18.04.1
No comments:
Post a Comment