Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 22.04 LTS: USN-5840-1 Critical: lrzip DoS and Memory Corruption

ubuntu
Calendar Grey February 2, 2023
Dist Ubuntu Esm H88
Essential update required to resolve lrzip vulnerabilities in Ubuntu that may result in service disruptions and memory-related problems.
Several security issues were fixed in Long Range ZIP.

Summary

Several security issues were fixed in Long Range ZIP.

Software Description:

- lrzip: compression program with a very high compression ratio

Details:

It was discovered that Long Range ZIP incorrectly handled pointers. If

a user or an automated system were tricked into opening a certain

specially crafted ZIP file, an attacker could possibly use this issue

to cause a denial of service. This issue only affected Ubuntu 14.04 ESM,

Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467)

It was discovered that Long Range ZIP incorrectly handled pointers. If

a user or an automated system were tricked into opening a certain

specially crafted ZIP file, an attacker could possibly use this issue

to cause a denial of service. This issue only affected Ubuntu 18.04 LTS

and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347)

It was discovered that Long Range ZIP incorrectly handled pointers. If

a user or an automated system were tricked into opening a cer...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   lrzip                           0.651-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:
   lrzip                           0.651-2ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   lrzip 0.631+git180528-1+deb10u1build0.20.04.1

Ubuntu 18.04 LTS:
   lrzip                           0.631-1+deb9u3build0.18.04.1

Ubuntu 16.04 ESM:
   lrzip                           0.621-1ubuntu0.1~esm2

Ubuntu 14.04 ESM:
   lrzip                           0.616-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5840-1

  CVE-2018-5786, CVE-2020-25467, CVE-2021-27345, CVE-2021-27347,

  CVE-2022-26291, CVE-2022-28044

Severity
critical
Lowest
Low
Medium
High
Critical

February 02, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here