CVE-2019-12900
published 2019-06-19
CVE-2019-12900: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Priority: P352, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
8.04%
94.1th percentile
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bzip | bzip2 | <= 1.0.6 | — |
| bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1 |
| bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1 |
| bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1 |
| bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8ubuntu0.1 | 1.0.6-8ubuntu0.1 |
| bzip | bzip2 | >= 0 < 1.0.6-8.1ubuntu0.1 | 1.0.6-8.1ubuntu0.1 |
| bzip | bzip2 | >= 0 < 1.0.6-5ubuntu0.1~esm1 | 1.0.6-5ubuntu0.1~esm1 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.4+dfsg-0ubuntu0.16.04.1 | 0.101.4+dfsg-0ubuntu0.16.04.1 |
| clamav | clamav | >= 0 < 0.101.4+dfsg-0ubuntu0.18.04.1 | 0.101.4+dfsg-0ubuntu0.18.04.1 |
| clamav | clamav | >= 0 < 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 | 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 |
| debian | bzip2 | < bzip2 1.0.6-9.1 (bookworm) | bzip2 1.0.6-9.1 (bookworm) |
| debian | clamav | < bzip2 1.0.6-9.1 (bookworm) | bzip2 1.0.6-9.1 (bookworm) |
| debian | debian_linux | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVSS provenance
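| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 8.8 | CRITICAL | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |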
Red Hat
bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
vendor_redhat·2024-11-15·CVSS 9.8
CVE-2019-12900 [CRITICAL] CWE-1214 bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
A data integrity error was found in the bzip2 (user-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 file. A local user could get unexpected results (or corrupted data) as a result of decompressing these files.
Statement: This vulnerability only causes failure to decompress when using the package bzip2 functionality. There is no known vector of attack (apart from the possibility that some of the older archives compressed with bzip2 could become inaccessible if a still-buggy version of bzip2 is being used to decompress). This bug has b
Oracle
Oracle Oracle Database Server Risk Matrix: Core RDBMS (bzip2) — CVE-2019-12900
vendor_oracle·2020-10-15·CVSS 8.8
CVE-2019-12900 [CRITICAL] Oracle Oracle Database Server Risk Matrix: Core RDBMS (bzip2) — CVE-2019-12900
Oracle Oracle Database Server Risk Matrix: Core RDBMS (bzip2) vulnerability
CVE: CVE-2019-12900
CVSS: 8.8
Protocol: Oracle Net
Remote exploit: No
Affected versions: Network
Advisory: cpuoct2020 (OCT 2020)
Ubuntu
ClamAV vulnerabilities
vendor_ubuntu·2019-10-03·CVSS 7.5
CVE-2019-12625 [HIGH] ClamAV vulnerabilities
Title: ClamAV vulnerabilities
Summary: Several security issues were fixed in ClamAV.
USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2019-12625)
It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A
remote attacker could use this issue to cause ClamAV to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)
Instructions: This update uses a new upstream release, which includes additional bug
fixes. In general, a standard syste
Ubuntu
ClamAV vulnerabilities
vendor_ubuntu·2019-10-02·CVSS 7.5
CVE-2019-12625 [HIGH] ClamAV vulnerabilities
Title: ClamAV vulnerabilities
Summary: Several security issues were fixed in ClamAV.
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2019-12625)
It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A
remote attacker could use this issue to cause ClamAV to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)
Instructions: This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
BSD
FreeBSD-SA-19:18.bzip2: Multiple vulnerabilities in bzip2
bsd_advisories·2019-08-06·CVSS 6.5
CVE-2016-3189 [MEDIUM] FreeBSD-SA-19:18.bzip2: Multiple vulnerabilities in bzip2
FreeBSD-SA-19:18.bzip2 Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in bzip2
Category: contrib
Module: bzip2
Announced: 2019-08-06
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE)
2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9)
2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE)
2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2)
2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13)
CVE Name: CVE-2016-3189, CVE-2019-12900
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and
decompress files using an a
Ubuntu
bzip2 vulnerabilities
vendor_ubuntu·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
Title: bzip2 vulnerabilities
Summary: Several security issues were fixed in bzip2.
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
bzip2 vulnerabilities
vendor_ubuntu·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
Title: bzip2 vulnerabilities
Summary: Several security issues were fixed in bzip2.
USN-4038-1 fixed several vulnerabilities in bzip2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
vendor_msrc·2019-06-11·CVSS 9.8
CVE-2019-12900 [CRITICAL] CWE-787 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Customer Action Required: Yes
Rem
Debian
CVE-2019-12900: bzip2 - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write...
vendor_debian·2019·CVSS 9.8
CVE-2019-12900 [CRITICAL] CVE-2019-12900: bzip2 - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write...
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Scope: local
bookworm: resolved (fixed in 1.0.6-9.1)
bullseye: resolved (fixed in 1.0.6-9.1)
forky: resolved (fixed in 1.0.6-9.1)
sid: resolved (fixed in 1.0.6-9.1)
trixie: resolved (fixed in 1.0.6-9.1)
Red Hat
libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference
vendor_redhat·2018-12-18·CVSS 8.8
CVE-2019-7663 [HIGH] CWE-190 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
Statement: This report appears to be a duplicate of CVE-2018-17000. While the crash manifests differently, both vulnerabilities are fixed by the same upstream commit.
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Package: libtiff (Red Hat Enterprise Linux 7) - Not affected
Package: li
OSV
out-of-bounds write when there are many bzip2 selectors
osv·2025-11-14
CVE-2019-12900 out-of-bounds write when there are many bzip2 selectors
# out-of-bounds write when there are many bzip2 selectors
A malicious bzip2 payload may produce a memory corruption
resulting in a denial of service and/or remote code execution.
Network services or command line utilities decompressing
untrusted bzip2 payloads are affected.
Note that the exploitation of this bug relies on an undefined
behavior that appears to be handled safely by current compilers.
The Haskell libraries are vulnerable when they are built using
the bundled C library source code, which is the default
in most cases.
GHSA
GHSA-j686-6fc2-2525: BZ2_decompress in decompress
ghsa_unreviewed·2022-05-24
CVE-2019-12900 [CRITICAL] CWE-787 GHSA-j686-6fc2-2525: BZ2_decompress in decompress
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
OSV
clamav vulnerabilities
osv·2019-10-03·CVSS 7.5
CVE-2019-12625 [HIGH] clamav vulnerabilities
USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2019-12625)
It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A
remote attacker could use this issue to cause ClamAV to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)
OSV
clamav vulnerabilities
osv·2019-10-02·CVSS 7.5
CVE-2019-12625 [HIGH] clamav vulnerabilities
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2019-12625)
It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A
remote attacker could use this issue to cause ClamAV to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)
OSV
bzip2 vulnerabilities
osv·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
USN-4038-1 fixed several vulnerabilities in bzip2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
OSV
bzip2 vulnerabilities
osv·2019-06-26·CVSS 6.5
CVE-2016-3189 [MEDIUM] bzip2 vulnerabilities
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
OSV
CVE-2019-12900: BZ2_decompress in decompress
osv·2019-06-19·CVSS 9.8
CVE-2019-12900 [CRITICAL] CVE-2019-12900: BZ2_decompress in decompress
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-12900 bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
bugzilla·2024-12-12·CVSS 9.8
CVE-2019-12900 [CRITICAL] CVE-2019-12900 bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
There were several "Security Fixes" for bzip2: out-of-bounds
write in function BZ2_decompress (CVE-2019-12900). e.g. RHSA-2024:8922
and RHSA-2024:10803.
The problem is that CVE-2019-12900 is 5 years old and bogus. The
applied patch causes a change in behavior which causes some bz2 files
to no longer decompress.
Upstream did a better fix for bzip2 1.0.8. Full story is here:
https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/
You can check that the new bzip2 is broken by running the
upstream bzip2 testsuite:
$ git clone https://sourceware.org/git/bzip2-tests.git
$ cd bzip2-tests
$ ./run-tests.sh
[...]
bzip2: Data integrity error when decompressing.
FAIL: ./
Bugzilla
CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress [fedora-all]
bugzilla·2019-06-27·CVSS 9.8
CVE-2019-12900 [CRITICAL] CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported vers
Bugzilla
bzip2: out-of-bounds write in function BZ2_decompress
bugzilla·2019-06-27
[LOW] bzip2: out-of-bounds write in function BZ2_decompress
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Reference:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
Discussion:
Created bzip2 tracking bugs for this issue:
Affects: fedora-all [bug 1724462]
---
The patch causes a change in behavior, as certain files could now result in a CRC error, whereas they would previously decompress fine:
https://sourceware.org/ml/bzip2-devel/2019-q2/msg00024.html
https://gitlab.com/federicomenaquintero/bzip2/issues/24
I suppose that we follow upstream on whether or not we consider this a regression, as I'm rather indifferent on this matter. There does not seem to be a final decision from ups
Bugzilla
CVE-2019-7663 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference
bugzilla·2019-02-15·CVSS 8.8
CVE-2019-7663 [HIGH] CVE-2019-7663 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference
An Invalid Address dereference was discovered in
TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF
4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote
attackers could leverage this vulnerability to cause a denial-of-service via a
crafted tiff file. This is different from CVE-2018-12900.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2833
https://gitlab.com/libtiff/libtiff/merge_requests/60/diffs
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1677529]
---
*** This bug has been marked as a duplicate of bug 1630004 ***
---
Statement:
This report appears to be a duplicate of CVE-201
Bugzilla
bzip2: index out of bounds [@BZ2_decompress]
bugzilla·2016-08-15·CVSS 6.5
[MEDIUM] bzip2: index out of bounds [@BZ2_decompress]
Created attachment 8781246
test_case.bz2
This was found while fuzzing bzip2 1.0.6. I was using a 32-bit build with UBSan.
To build I used:
CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -m32 -g" LDFLAGS="-m32 -fsanitize=undefined" make
To run:
$ UBSAN_OPTIONS=print_stacktrace=1 ./bzip2 -dkc test_case.bz2
decompress.c:299:10: runtime error: index 18002 out of bounds for type 'UChar [18002]'
#0 0x81cfa1e in BZ2_decompress /home/user/Desktop/bzip2-1.0.6/decompress.c:299:28
#1 0x816830a in BZ2_bzDecompress /home/user/Desktop/bzip2-1.0.6/bzlib.c:843:20
#2 0x817519d in BZ2_bzRead /home/user/Desktop/bzip2-1.0.6/bzlib.c:1201:13
#3 0x814389c in uncompressStream /home/user/Desktop/bzip2-1.0.6/bzip2.c:462:18
#4 0x814389c in uncompress /h
arXiv
LibAM: An Area Matching Framework for Detecting Third-party Libraries in Binaries
arxiv_fulltext·2023-09-12
Authors: Siyuan Li and Yongpan Wang (both authors contributed equally to this research), Chaopeng Dong, Shouguo Yang, Hong Li (corresponding author), Hao Sun, Zhe Lang, Zuxin Chen, Weijie Wang, Hongsong Zhu, Limin Sun
Affiliation: School of Cyber Security, University of Chinese Academy of Sciences and Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
## Abstract
Third-party libraries (TPLs) are extensively utilized by developers to expedite the software
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
https://seclists.org/bugtraq/2019/Aug/4
https://seclists.org/bugtraq/2019/Jul/22
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
https://support.f5.com/csp/article/K68713584?utm_source=f5support&%3Butm_medium=RSS
https://usn.ubuntu.com/4038-1/
https://usn.ubuntu.com/4038-2/
https://usn.ubuntu.com/4146-1/
https://usn.ubuntu.com/4146-2/
https://www.oracle.com/security-alerts/cpuoct2020.html
Published: 2019-06-19