CVE-2014-9862 in Ubuntu

CVE-2014-9862

Priority

Description

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in
Apple OS X before 10.11.6 and other products, allows remote attackers to
execute arbitrary code or cause a denial of service (heap-based buffer
overflow) via a crafted patch file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998
https://bugs.chromium.org/p/chromium/issues/detail?id=372525
https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659
https://support.apple.com/HT206903
https://ubuntu.com/security/notices/USN-4500-1

Notes

Package

Source: bsdiff (LP Ubuntu Debian)

Upstream:	released (4.3-17)
Ubuntu 18.04 LTS:	not-affected (4.3-17)
Ubuntu 20.04 LTS:	not-affected (4.3-17)
Ubuntu 14.04 ESM:	DNE (trusty was needed)
Ubuntu 20.04 FIPS Compliant:	not-affected (4.3-17)

Patches:

More Information

Updated: 2022-04-13 12:03:47 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)