What is the vulnerability ID for this bzip2 vulnerability?

The vulnerability ID for this bzip2 vulnerability is USN-4038-2.

What is the severity of the USN-4038-2 vulnerability?

The severity of the USN-4038-2 vulnerability is not mentioned in the provided information.

Which software versions are affected by the USN-4038-2 vulnerability?

The USN-4038-2 vulnerability affects Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

How do I fix the USN-4038-2 vulnerability?

To fix the USN-4038-2 vulnerability, update the affected software to the recommended version: bzip2 1.0.6-5ubuntu0.1~esm1 (for Ubuntu 12.04 ESM) or bzip2 1.0.6-5ubuntu0.1~esm1 (for Ubuntu 14.04 ESM).

Where can I find more information about the USN-4038-2 vulnerability?

You can find more information about the USN-4038-2 vulnerability in the following references: [CVE-2016-3189](https://ubuntu.com/security/CVE-2016-3189), [CVE-2019-12900](https://ubuntu.com/security/CVE-2019-12900), [USN-4038-1](https://ubuntu.com/security/notices/USN-4038-1).

Vulnerability/
USN-4038-2

26/6/2019

USN-4038-2: bzip2 vulnerabilities

First published: Wed Jun 26 2019(Updated: )

USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900)

Affected Software	Affected Version	How to fix
All of
ubuntu/bzip2	<1.0.6-5ubuntu0.1~esm1	1.0.6-5ubuntu0.1~esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/lib32bz2-1.0	<1.0.6-5ubuntu0.1~esm1	1.0.6-5ubuntu0.1~esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/lib64bz2-1.0	<1.0.6-5ubuntu0.1~esm1	1.0.6-5ubuntu0.1~esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/libbz2-1.0	<1.0.6-5ubuntu0.1~esm1	1.0.6-5ubuntu0.1~esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/bzip2	<1.0.6-1ubuntu0.1	1.0.6-1ubuntu0.1
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/lib32bz2-1.0	<1.0.6-1ubuntu0.1	1.0.6-1ubuntu0.1
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/lib64bz2-1.0	<1.0.6-1ubuntu0.1	1.0.6-1ubuntu0.1
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/libbz2-1.0	<1.0.6-1ubuntu0.1	1.0.6-1ubuntu0.1
Ubuntu OpenSSH Client	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this bzip2 vulnerability?
The vulnerability ID for this bzip2 vulnerability is USN-4038-2.
What is the severity of the USN-4038-2 vulnerability?
The severity of the USN-4038-2 vulnerability is not mentioned in the provided information.
Which software versions are affected by the USN-4038-2 vulnerability?
The USN-4038-2 vulnerability affects Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
How do I fix the USN-4038-2 vulnerability?
To fix the USN-4038-2 vulnerability, update the affected software to the recommended version: bzip2 1.0.6-5ubuntu0.1~esm1 (for Ubuntu 12.04 ESM) or bzip2 1.0.6-5ubuntu0.1~esm1 (for Ubuntu 14.04 ESM).
Where can I find more information about the USN-4038-2 vulnerability?
You can find more information about the USN-4038-2 vulnerability in the following references: [CVE-2016-3189](https://ubuntu.com/security/CVE-2016-3189), [CVE-2019-12900](https://ubuntu.com/security/CVE-2019-12900), [USN-4038-1](https://ubuntu.com/security/notices/USN-4038-1).

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu openssh client
version/ubuntu openssh client/14.04
version/ubuntu openssh client/12.04