{"id":"USN-4038-4","summary":"bzip2 regression","details":"USN-4038-1 fixed a vulnerability in bzip2. The update introduced\na regression causing bzip2 to incorrect raises CRC errors for some\nfiles. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that bzip2 incorrectly handled certain files.\n An attacker could possibly use this issue to execute arbitrary code.\n","modified":"2026-02-10T04:41:34Z","published":"2019-07-04T15:48:25Z","related":["UBUNTU-CVE-2019-12900"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4038-4"},{"type":"REPORT","url":"https://launchpad.net/bugs/1834494"}],"affected":[{"package":{"name":"bzip2","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/bzip2@1.0.6-5ubuntu0.1~esm2?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.6-5ubuntu0.1~esm2"}]}],"versions":["1.0.6-4","1.0.6-5","1.0.6-5ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.0.6-5ubuntu0.1~esm2","binary_name":"bzip2"},{"binary_version":"1.0.6-5ubuntu0.1~esm2","binary_name":"lib32bz2-1.0"},{"binary_version":"1.0.6-5ubuntu0.1~esm2","binary_name":"lib32bz2-dev"},{"binary_version":"1.0.6-5ubuntu0.1~esm2","binary_name":"lib64bz2-1.0"},{"binary_version":"1.0.6-5ubuntu0.1~esm2","binary_name":"lib64bz2-dev"},{"binary_version":"1.0.6-5ubuntu0.1~esm2","binary_name":"libbz2-1.0"},{"binary_version":"1.0.6-5ubuntu0.1~esm2","binary_name":"libbz2-dev"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4038-4.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}}],"schema_version":"1.7.3"}