USN-5840-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5840-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5840-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5840-1
Related
Published
2023-02-02T13:36:09.142109Z
Modified
2023-02-02T13:36:09.142109Z
Summary
lrzip vulnerabilities
Details

It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467)

It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347)

It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2022-26291)

It was discovered that Long Range ZIP incorrectly handled memory allocation, which could lead to a heap memory corruption. An attacker could possibly use this issue to cause denial of service. This issue affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-28044)

References

Affected packages

Ubuntu:Pro:14.04:LTS / lrzip

Package

Name
lrzip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.616-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "lrzip": "0.616-1ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:22.04:LTS / lrzip

Package

Name
lrzip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.651-2ubuntu0.22.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "lrzip": "0.651-2ubuntu0.22.04.1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / lrzip

Package

Name
lrzip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.621-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "lrzip": "0.621-1ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:18.04:LTS / lrzip

Package

Name
lrzip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.631-1+deb9u3build0.18.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "lrzip": "0.631-1+deb9u3build0.18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / lrzip

Package

Name
lrzip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.631+git180528-1+deb10u1build0.20.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "lrzip": "0.631+git180528-1+deb10u1build0.20.04.1"
        }
    ]
}