Medium
Canonical Ubuntu
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
We apologize for the inconvenience.
Original advisory details:
It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
CVEs contained in this USN include: CVE-2016-3189, CVE-2019-12900
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow one of the mitigations below: