~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2010-09-20
Candidate: CVE-2010-0405
PublicDate: 2010-09-28
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
 http://www.ubuntu.com/usn/usn-986-1
 http://www.ubuntu.com/usn/usn-986-2
 http://www.ubuntu.com/usn/usn-986-3
Description:
 Integer overflow in the BZ2_decompress function in decompress.c in bzip2
 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a
 denial of service (application crash) or possibly execute arbitrary code
 via a crafted compressed file.
Ubuntu-Description: 
Notes: 
 jdstrand> dump and dpkg use a statically linked bzip2 so simply need to be
  recompiled
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: jdstrand

Patches_bzip2:
upstream_bzip2: released (1.0.6)
dapper_bzip2: released (1.0.3-0ubuntu2.2)
hardy_bzip2: released (1.0.4-2ubuntu4.1)
jaunty_bzip2: released (1.0.5-1ubuntu1.1)
karmic_bzip2: released (1.0.5-3ubuntu0.1)
lucid_bzip2: released (1.0.5-4ubuntu0.1)
devel_bzip2: released (1.0.5-4ubuntu1)

Patches_clamav:
upstream_clamav: needs-triage
dapper_clamav: released (0.95.3+dfsg-1ubuntu0.09.04~dapper4.1)
hardy_clamav: released (0.95.3+dfsg-1ubuntu0.09.04~hardy2.5)
jaunty_clamav: released (0.95.3+dfsg-1ubuntu0.09.04.3)
karmic_clamav: released (0.95.3+dfsg-1ubuntu0.09.10.3)
lucid_clamav: released (0.96.1+dfsg-0ubuntu0.10.04.2)
devel_clamav: released (1.0.5-4ubuntu1)

Patches_dump:
upstream_dump: not-affected
dapper_dump: released (0.4b41-2ubuntu0.1)
hardy_dump: released (0.4b41-5ubuntu0.1)
jaunty_dump: released (0.4b41-6ubuntu0.1)
karmic_dump: released (0.4b42-1ubuntu0.9.10.1)
lucid_dump: released (0.4b42-1ubuntu0.10.04.1)
devel_dump: released (0.4b43-1build1)

Patches_dpkg:
upstream_dpkg: not-affected
dapper_dpkg: released (1.13.11ubuntu7.2)
hardy_dpkg: released (1.14.16.6ubuntu4.2)
jaunty_dpkg: released (1.14.24ubuntu1.2)
karmic_dpkg: released (1.15.4ubuntu2.2)
lucid_dpkg: released (1.15.5.6ubuntu4.3)
devel_dpkg: not-affected (uses dynamic system libbz2)