USN-4087-1: BWA vulnerability

06 August 2019

BWA could be made to crash or run programs as your login if it opened a specially crafted file.

Releases

Ubuntu 19.04
Ubuntu 18.04 LTS

Packages

bwa - Software package for mapping DNA sequences against a large reference genome

Details

It was discovered that Burrows-Wheeler Aligner (BWA) mishandled certain
crafted .alt files. An attacker could use this vulnerability to cause a
denial of service (crash) or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

bwa - 0.7.17-3~ubuntu0.19.04.1

Ubuntu 18.04

bwa - 0.7.17-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

CVE-2019-10269

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM