{"id": "CFOUNDRY:6B0AE8DCD4337C002338E38E73059441", "bulletinFamily": "software", "title": "USN-3225-1: libarchive vulnerabilities | Cloud Foundry", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nIt was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. ([CVE-2016-5418](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5418>))\n\nChristian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-6250](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6250>))\n\nAlexander Cherepanov discovered that libarchive incorrectly handled recursive decompressions. A remote attacker could possibly use this issue to cause libarchive to hang, resulting in a denial of service. ([CVE-2016-7166](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7166>))\n\nIt was discovered that libarchive incorrectly handled non-printable multibyte characters in filenames. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. ([CVE-2016-8687](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8687>))\n\nIt was discovered that libarchive incorrectly handled line sizes when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. ([CVE-2016-8688](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8688>))\n\nIt was discovered that libarchive incorrectly handled multiple EmptyStream attributes when extracting certain 7zip archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. ([CVE-2016-8689](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8689>))\n\nJakub Jirasek discovered that libarchive incorrectly handled memory when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. ([CVE-2017-5601](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5601>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3151.x versions prior to 3151.14\n * 3233.x versions prior to 3233.16\n * 3263.x versions prior to 3263.22\n * 3312.x versions prior to 3312.22\n * 3363.x versions prior to 3363.14\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.108.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3151.x versions to 3151.14 or later\n * Upgrade 3233.x versions to 3233.16 or later\n * Upgrade 3263.x versions to 3263.22 or later\n * Upgrade 3312.x versions to 3312.22 or later\n * Upgrade 3363.x versions to 3363.14 or later\n * All other stemcells should be upgraded to the latest version.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.108.0 or later.\n\n# References\n\n * [USN-3225-1](<http://www.ubuntu.com/usn/usn-3225-1/>)\n * [CVE-2016-5418](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5418>)\n * [CVE-2016-6250](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6250>)\n * [CVE-2016-7166](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7166>)\n * [CVE-2016-8687](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8687>)\n * [CVE-2016-8688](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8688>)\n * [CVE-2016-8689](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8689>)\n * [CVE-2017-5601](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5601>)\n", "published": "2017-03-31T00:00:00", "modified": "2017-03-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.cloudfoundry.org/blog/usn-3225-1/", "reporter": "Cloud Foundry", "references": [], "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-8687", "CVE-2016-5418", "CVE-2017-5601", "CVE-2016-8689", "CVE-2016-8688"], "type": "cloudfoundry", "lastseen": "2019-05-29T18:32:56", "edition": 5, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["DEBIAN_DLA-661.NASL", "DEBIAN_DSA-3677.NASL", "EULEROS_SA-2019-2014.NASL", "PHOTONOS_PHSA-2017-0010.NASL", "OPENSUSE-2016-1404.NASL", "UBUNTU_USN-3225-1.NASL", "SUSE_SU-2016-2911-1.NASL", "PHOTONOS_PHSA-2017-0010_LIBARCHIVE.NASL", "OPENSUSE-2016-1405.NASL", "DEBIAN_DLA-1600.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:703677", "OPENVAS:1361412562310140098", "OPENVAS:1361412562310809131", "OPENVAS:1361412562310703677", "OPENVAS:1361412562311220192379", "OPENVAS:1361412562311220192014", "OPENVAS:1361412562310843087", "OPENVAS:1361412562310872127", "OPENVAS:1361412562310891600", "OPENVAS:1361412562311220201226"]}, {"type": "ubuntu", "idList": ["USN-3225-1"]}, {"type": "cve", "idList": ["CVE-2016-5418", "CVE-2016-7166", "CVE-2017-5601", "CVE-2016-8687", "CVE-2016-6250", "CVE-2016-8689", "CVE-2016-8688"]}, {"type": "f5", "idList": ["F5:K52697522", "F5:K13074505", "F5:K35263486", "F5:K35246595"]}, {"type": "debian", "idList": ["DEBIAN:DLA-810-1:E07AE", "DEBIAN:DLA-661-1:2AD6A", "DEBIAN:DLA-657-1:F5D95", "DEBIAN:DLA-1600-1:DC924", "DEBIAN:DLA-617-1:AAA4D", "DEBIAN:DSA-3677-1:667B6"]}, {"type": "fedora", "idList": ["FEDORA:ABB636087C38", "FEDORA:B4D076014623", "FEDORA:EDB83609A17D", "FEDORA:B80866087584", "FEDORA:AC8CA6076F6C", "FEDORA:EB6D96091F31"]}, {"type": "redhat", "idList": ["RHSA-2016:1853", "RHSA-2016:1852", "RHSA-2016:1844", "RHSA-2016:1850"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1844", "ELSA-2016-1850"]}, {"type": "centos", "idList": ["CESA-2016:1850", "CESA-2016:1844"]}, {"type": "gentoo", "idList": ["GLSA-201701-03"]}, {"type": "threatpost", "idList": ["THREATPOST:6D7DC234BA4C8D630208866829F1B637"]}, {"type": "amazon", "idList": ["ALAS-2016-743"]}], "modified": "2019-05-29T18:32:56", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2019-05-29T18:32:56", "rev": 2}, "vulnersScore": 6.8}, "affectedSoftware": [], "scheme": null}

{"nessus": [{"lastseen": "2021-01-01T06:44:43", "description": "It was discovered that libarchive incorrectly handled hardlink entries\nwhen extracting archives. A remote attacker could possibly use this\nissue to overwrite arbitrary files. (CVE-2016-5418)\n\nChristian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered\nthat libarchive incorrectly handled filename lengths when writing\nISO9660 archives. A remote attacker could use this issue to cause\nlibarchive to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6250)\n\nAlexander Cherepanov discovered that libarchive incorrectly handled\nrecursive decompressions. A remote attacker could possibly use this\nissue to cause libarchive to hang, resulting in a denial of service.\nThis issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-7166)\n\nIt was discovered that libarchive incorrectly handled non-printable\nmultibyte characters in filenames. A remote attacker could possibly\nuse this issue to cause libarchive to crash, resulting in a denial of\nservice. (CVE-2016-8687)\n\nIt was discovered that libarchive incorrectly handled line sizes when\nextracting certain archives. A remote attacker could possibly use this\nissue to cause libarchive to crash, resulting in a denial of service.\n(CVE-2016-8688)\n\nIt was discovered that libarchive incorrectly handled multiple\nEmptyStream attributes when extracting certain 7zip archives. A remote\nattacker could possibly use this issue to cause libarchive to crash,\nresulting in a denial of service. (CVE-2016-8689)\n\nJakub Jirasek discovered that libarchive incorrectly handled memory\nwhen extracting certain archives. A remote attacker could possibly use\nthis issue to cause libarchive to crash, resulting in a denial of\nservice. (CVE-2017-5601).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2017-03-10T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libarchive vulnerabilities (USN-3225-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-8687", "CVE-2016-5418", "CVE-2017-5601", "CVE-2016-8689", "CVE-2016-8688"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libarchive13", "p-cpe:/a:canonical:ubuntu_linux:libarchive12", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3225-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3225-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97660);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5418\", \"CVE-2016-6250\", \"CVE-2016-7166\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-5601\");\n script_xref(name:\"USN\", value:\"3225-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libarchive vulnerabilities (USN-3225-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libarchive incorrectly handled hardlink entries\nwhen extracting archives. A remote attacker could possibly use this\nissue to overwrite arbitrary files. (CVE-2016-5418)\n\nChristian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered\nthat libarchive incorrectly handled filename lengths when writing\nISO9660 archives. A remote attacker could use this issue to cause\nlibarchive to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6250)\n\nAlexander Cherepanov discovered that libarchive incorrectly handled\nrecursive decompressions. A remote attacker could possibly use this\nissue to cause libarchive to hang, resulting in a denial of service.\nThis issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-7166)\n\nIt was discovered that libarchive incorrectly handled non-printable\nmultibyte characters in filenames. A remote attacker could possibly\nuse this issue to cause libarchive to crash, resulting in a denial of\nservice. (CVE-2016-8687)\n\nIt was discovered that libarchive incorrectly handled line sizes when\nextracting certain archives. A remote attacker could possibly use this\nissue to cause libarchive to crash, resulting in a denial of service.\n(CVE-2016-8688)\n\nIt was discovered that libarchive incorrectly handled multiple\nEmptyStream attributes when extracting certain 7zip archives. A remote\nattacker could possibly use this issue to cause libarchive to crash,\nresulting in a denial of service. (CVE-2016-8689)\n\nJakub Jirasek discovered that libarchive incorrectly handled memory\nwhen extracting certain archives. A remote attacker could possibly use\nthis issue to cause libarchive to crash, resulting in a denial of\nservice. (CVE-2017-5601).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3225-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libarchive12 and / or libarchive13 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libarchive12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libarchive12\", pkgver:\"3.0.3-6ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libarchive13\", pkgver:\"3.1.2-7ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libarchive13\", pkgver:\"3.1.2-11ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libarchive13\", pkgver:\"3.2.1-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive12 / libarchive13\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:25:00", "description": "This update for libarchive fixes several issues. These security issues\nwere fixed :\n\n - CVE-2016-8687: Buffer overflow when printing a filename\n (bsc#1005070).\n\n - CVE-2016-8689: Heap overflow when reading corrupted 7Zip\n files (bsc#1005072).\n\n - CVE-2016-8688: Use after free because of incorrect\n calculation in next_line (bsc#1005076).\n\n - CVE-2016-5844: Integer overflow in the ISO parser in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) via a crafted ISO file\n (bsc#986566).\n\n - CVE-2016-6250: Integer overflow in the ISO9660 writer in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) or execute arbitrary code\n via vectors related to verifying filename lengths when\n writing an ISO9660 archive, which trigger a buffer\n overflow (bsc#989980).\n\n - CVE-2016-5418: The sandboxing code in libarchive\n mishandled hardlink archive entries of non-zero data\n size, which might allowed remote attackers to write to\n arbitrary files via a crafted archive file (bsc#998677).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2016-11-28T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:2911-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-8687", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-8689", "CVE-2015-2304", "CVE-2016-8688"], "modified": "2016-11-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libarchive13-debuginfo", "p-cpe:/a:novell:suse_linux:libarchive-debugsource", "p-cpe:/a:novell:suse_linux:libarchive13"], "id": "SUSE_SU-2016-2911-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95367", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2911-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95367);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-2304\", \"CVE-2016-5418\", \"CVE-2016-5844\", \"CVE-2016-6250\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\");\n script_bugtraq_id(73137);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:2911-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libarchive fixes several issues. These security issues\nwere fixed :\n\n - CVE-2016-8687: Buffer overflow when printing a filename\n (bsc#1005070).\n\n - CVE-2016-8689: Heap overflow when reading corrupted 7Zip\n files (bsc#1005072).\n\n - CVE-2016-8688: Use after free because of incorrect\n calculation in next_line (bsc#1005076).\n\n - CVE-2016-5844: Integer overflow in the ISO parser in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) via a crafted ISO file\n (bsc#986566).\n\n - CVE-2016-6250: Integer overflow in the ISO9660 writer in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) or execute arbitrary code\n via vectors related to verifying filename lengths when\n writing an ISO9660 archive, which trigger a buffer\n overflow (bsc#989980).\n\n - CVE-2016-5418: The sandboxing code in libarchive\n mishandled hardlink archive entries of non-zero data\n size, which might allowed remote attackers to write to\n arbitrary files via a crafted archive file (bsc#998677).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2304/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5844/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6250/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8689/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162911-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?371d332b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1698=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1698=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1698=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1698=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1698=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1698=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1698=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive13-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libarchive-debugsource-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libarchive13-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libarchive13-debuginfo-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libarchive-debugsource-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libarchive13-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libarchive-debugsource-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libarchive13-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libarchive-debugsource-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libarchive13-3.1.2-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-3.1.2-25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:29:38", "description": "This update for libarchive fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8687: Buffer overflow when printing a filename\n (bsc#1005070).\n\n - CVE-2016-8689: Heap overflow when reading corrupted 7Zip\n files (bsc#1005072).\n\n - CVE-2016-8688: Use after free because of incorrect\n calculation in next_line (bsc#1005076).\n\n - CVE-2016-5844: Integer overflow in the ISO parser in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) via a crafted ISO file\n (bsc#986566).\n\n - CVE-2016-6250: Integer overflow in the ISO9660 writer in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) or execute arbitrary code\n via vectors related to verifying filename lengths when\n writing an ISO9660 archive, which trigger a buffer\n overflow (bsc#989980).\n\n - CVE-2016-5418: The sandboxing code in libarchive\n mishandled hardlink archive entries of non-zero data\n size, which might allowed remote attackers to write to\n arbitrary files via a crafted archive file (bsc#998677).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 17, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2016-12-06T00:00:00", "title": "openSUSE Security Update : libarchive (openSUSE-2016-1405)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-8687", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-8689", "CVE-2015-2304", "CVE-2016-8688"], "modified": "2016-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libarchive-devel", "p-cpe:/a:novell:opensuse:libarchive13", "p-cpe:/a:novell:opensuse:libarchive-debugsource", "p-cpe:/a:novell:opensuse:libarchive13-debuginfo", "p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bsdtar", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:bsdtar-debuginfo", "p-cpe:/a:novell:opensuse:libarchive13-32bit"], "id": "OPENSUSE-2016-1405.NASL", "href": "https://www.tenable.com/plugins/nessus/95559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1405.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95559);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-2304\", \"CVE-2016-5418\", \"CVE-2016-5844\", \"CVE-2016-6250\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\");\n\n script_name(english:\"openSUSE Security Update : libarchive (openSUSE-2016-1405)\");\n script_summary(english:\"Check for the openSUSE-2016-1405 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libarchive fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8687: Buffer overflow when printing a filename\n (bsc#1005070).\n\n - CVE-2016-8689: Heap overflow when reading corrupted 7Zip\n files (bsc#1005072).\n\n - CVE-2016-8688: Use after free because of incorrect\n calculation in next_line (bsc#1005076).\n\n - CVE-2016-5844: Integer overflow in the ISO parser in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) via a crafted ISO file\n (bsc#986566).\n\n - CVE-2016-6250: Integer overflow in the ISO9660 writer in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) or execute arbitrary code\n via vectors related to verifying filename lengths when\n writing an ISO9660 archive, which trigger a buffer\n overflow (bsc#989980).\n\n - CVE-2016-5418: The sandboxing code in libarchive\n mishandled hardlink archive entries of non-zero data\n size, which might allowed remote attackers to write to\n arbitrary files via a crafted archive file (bsc#998677).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998677\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libarchive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bsdtar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"bsdtar-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"bsdtar-debuginfo-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libarchive-debugsource-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libarchive-devel-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libarchive13-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libarchive13-debuginfo-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libarchive13-32bit-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-32bit-3.1.2-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bsdtar / bsdtar-debuginfo / libarchive-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:29:38", "description": "This update for libarchive fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8687: Buffer overflow when printing a filename\n (bsc#1005070).\n\n - CVE-2016-8689: Heap overflow when reading corrupted 7Zip\n files (bsc#1005072).\n\n - CVE-2016-8688: Use after free because of incorrect\n calculation in next_line (bsc#1005076).\n\n - CVE-2016-5844: Integer overflow in the ISO parser in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) via a crafted ISO file\n (bsc#986566).\n\n - CVE-2016-6250: Integer overflow in the ISO9660 writer in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) or execute arbitrary code\n via vectors related to verifying filename lengths when\n writing an ISO9660 archive, which trigger a buffer\n overflow (bsc#989980).\n\n - CVE-2016-5418: The sandboxing code in libarchive\n mishandled hardlink archive entries of non-zero data\n size, which might allowed remote attackers to write to\n arbitrary files via a crafted archive file (bsc#998677).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 17, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2016-12-06T00:00:00", "title": "openSUSE Security Update : libarchive (openSUSE-2016-1404)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-8687", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-8689", "CVE-2015-2304", "CVE-2016-8688"], "modified": "2016-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libarchive-devel", "p-cpe:/a:novell:opensuse:libarchive13", "p-cpe:/a:novell:opensuse:libarchive-debugsource", "p-cpe:/a:novell:opensuse:libarchive13-debuginfo", "p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:bsdtar", "p-cpe:/a:novell:opensuse:bsdtar-debuginfo", "p-cpe:/a:novell:opensuse:libarchive13-32bit"], "id": "OPENSUSE-2016-1404.NASL", "href": "https://www.tenable.com/plugins/nessus/95558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1404.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95558);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-2304\", \"CVE-2016-5418\", \"CVE-2016-5844\", \"CVE-2016-6250\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\");\n\n script_name(english:\"openSUSE Security Update : libarchive (openSUSE-2016-1404)\");\n script_summary(english:\"Check for the openSUSE-2016-1404 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libarchive fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8687: Buffer overflow when printing a filename\n (bsc#1005070).\n\n - CVE-2016-8689: Heap overflow when reading corrupted 7Zip\n files (bsc#1005072).\n\n - CVE-2016-8688: Use after free because of incorrect\n calculation in next_line (bsc#1005076).\n\n - CVE-2016-5844: Integer overflow in the ISO parser in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) via a crafted ISO file\n (bsc#986566).\n\n - CVE-2016-6250: Integer overflow in the ISO9660 writer in\n libarchive allowed remote attackers to cause a denial of\n service (application crash) or execute arbitrary code\n via vectors related to verifying filename lengths when\n writing an ISO9660 archive, which trigger a buffer\n overflow (bsc#989980).\n\n - CVE-2016-5418: The sandboxing code in libarchive\n mishandled hardlink archive entries of non-zero data\n size, which might allowed remote attackers to write to\n arbitrary files via a crafted archive file (bsc#998677).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998677\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libarchive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bsdtar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bsdtar-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bsdtar-debuginfo-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libarchive-debugsource-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libarchive-devel-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libarchive13-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libarchive13-debuginfo-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libarchive13-32bit-3.1.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-32bit-3.1.2-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bsdtar / bsdtar-debuginfo / libarchive-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:49:48", "description": "Several vulnerabilities were discovered in libarchive, a multi-format\narchive and compression library, which may lead to denial of service\n(memory consumption and application crash), bypass of sandboxing\nrestrictions and overwrite arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.", "edition": 25, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2016-09-26T00:00:00", "title": "Debian DSA-3677-1 : libarchive - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-5418"], "modified": "2016-09-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libarchive", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3677.NASL", "href": "https://www.tenable.com/plugins/nessus/93695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3677. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93695);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5418\", \"CVE-2016-6250\", \"CVE-2016-7166\");\n script_xref(name:\"DSA\", value:\"3677\");\n\n script_name(english:\"Debian DSA-3677-1 : libarchive - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libarchive, a multi-format\narchive and compression library, which may lead to denial of service\n(memory consumption and application crash), bypass of sandboxing\nrestrictions and overwrite arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libarchive\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3677\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libarchive packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.1.2-11+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"bsdcpio\", reference:\"3.1.2-11+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bsdtar\", reference:\"3.1.2-11+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libarchive-dev\", reference:\"3.1.2-11+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libarchive13\", reference:\"3.1.2-11+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:16", "description": "An update of the libarchive package has been released.", "edition": 8, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Libarchive PHSA-2017-0010", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-8687", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-4301", "CVE-2017-5601", "CVE-2016-8689", "CVE-2016-4809", "CVE-2015-8933", "CVE-2016-4302", "CVE-2016-8688", "CVE-2016-4300"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libarchive", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0010_LIBARCHIVE.NASL", "href": "https://www.tenable.com/plugins/nessus/121677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0010. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121677);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\n \"CVE-2015-8933\",\n \"CVE-2016-4300\",\n \"CVE-2016-4301\",\n \"CVE-2016-4302\",\n \"CVE-2016-4809\",\n \"CVE-2016-5418\",\n \"CVE-2016-5844\",\n \"CVE-2016-6250\",\n \"CVE-2016-7166\",\n \"CVE-2016-8687\",\n \"CVE-2016-8688\",\n \"CVE-2016-8689\",\n \"CVE-2017-5601\"\n );\n\n script_name(english:\"Photon OS 1.0: Libarchive PHSA-2017-0010\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libarchive package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-34.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-debuginfo-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libarchive-devel-3.3.1-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:44:00", "description": "Agostino Sarubbo of Gentoo discovered several security vulnerabilities\nin libarchive, a multi-format archive and compression library. An\nattacker could take advantage of these flaws to cause a buffer\noverflow or an out of bounds read using a carefully crafted input\nfile.\n\nCVE-2016-8687\n\nAgostino Sarubbo of Gentoo discovered a possible stack-based buffer\noverflow when printing a filename in bsdtar_expand_char() of util.c.\n\nCVE-2016-8688\n\nAgostino Sarubbo of Gentoo discovered a possible out of bounds read\nwhen parsing multiple long lines in bid_entry() and detect_form() of\narchive_read_support_format_mtree.c.\n\nCVE-2016-8689\n\nAgostino Sarubbo of Gentoo discovered a possible heap-based buffer\noverflow when reading corrupted 7z files in read_Header() of\narchive_read_support_format_7zip.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.0.4-3+wheezy5.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-18T00:00:00", "title": "Debian DLA-661-1 : libarchive security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8687", "CVE-2016-8689", "CVE-2016-8688"], "modified": "2016-10-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libarchive-dev", "p-cpe:/a:debian:debian_linux:bsdtar", "p-cpe:/a:debian:debian_linux:libarchive12", "p-cpe:/a:debian:debian_linux:bsdcpio", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-661.NASL", "href": "https://www.tenable.com/plugins/nessus/94102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-661-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94102);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\");\n\n script_name(english:\"Debian DLA-661-1 : libarchive security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Agostino Sarubbo of Gentoo discovered several security vulnerabilities\nin libarchive, a multi-format archive and compression library. An\nattacker could take advantage of these flaws to cause a buffer\noverflow or an out of bounds read using a carefully crafted input\nfile.\n\nCVE-2016-8687\n\nAgostino Sarubbo of Gentoo discovered a possible stack-based buffer\noverflow when printing a filename in bsdtar_expand_char() of util.c.\n\nCVE-2016-8688\n\nAgostino Sarubbo of Gentoo discovered a possible out of bounds read\nwhen parsing multiple long lines in bid_entry() and detect_form() of\narchive_read_support_format_mtree.c.\n\nCVE-2016-8689\n\nAgostino Sarubbo of Gentoo discovered a possible heap-based buffer\noverflow when reading corrupted 7z files in read_Header() of\narchive_read_support_format_7zip.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.0.4-3+wheezy5.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/10/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libarchive\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdcpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"bsdcpio\", reference:\"3.0.4-3+wheezy5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bsdtar\", reference:\"3.0.4-3+wheezy5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libarchive-dev\", reference:\"3.0.4-3+wheezy5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libarchive12\", reference:\"3.0.4-3+wheezy5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-02-21T01:41:51", "description": "An update of [binutils,ntp,libarchive] packages for PhotonOS has been released.", "edition": 6, "published": "2018-08-17T00:00:00", "title": "Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-8687", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-6451", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-4301", "CVE-2014-9939", "CVE-2017-6458", "CVE-2017-5601", "CVE-2016-8689", "CVE-2017-6462", "CVE-2017-6463", "CVE-2016-4809", "CVE-2017-6452", "CVE-2015-8933", "CVE-2016-4302", "CVE-2016-8688", "CVE-2016-4300", "CVE-2017-6464", "CVE-2017-6969"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libarchive", "p-cpe:/a:vmware:photonos:binutils", "p-cpe:/a:vmware:photonos:ntp", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0010.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111859", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0010. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111859);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2014-9939\",\n \"CVE-2015-8933\",\n \"CVE-2016-4300\",\n \"CVE-2016-4301\",\n \"CVE-2016-4302\",\n \"CVE-2016-4809\",\n \"CVE-2016-5418\",\n \"CVE-2016-5844\",\n \"CVE-2016-6250\",\n \"CVE-2016-7166\",\n \"CVE-2016-8687\",\n \"CVE-2016-8688\",\n \"CVE-2016-8689\",\n \"CVE-2017-5601\",\n \"CVE-2017-6451\",\n \"CVE-2017-6452\",\n \"CVE-2017-6455\",\n \"CVE-2017-6458\",\n \"CVE-2017-6460\",\n \"CVE-2017-6462\",\n \"CVE-2017-6463\",\n \"CVE-2017-6464\",\n \"CVE-2017-6969\"\n );\n\n script_name(english:\"Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [binutils,ntp,libarchive] packages for PhotonOS has been\nreleased.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-34\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5b02cf41\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9939\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"binutils-2.25.1-4.ph1\",\n \"binutils-debuginfo-2.25.1-4.ph1\",\n \"binutils-devel-2.25.1-4.ph1\",\n \"libarchive-3.3.1-1.ph1\",\n \"libarchive-debuginfo-3.3.1-1.ph1\",\n \"libarchive-devel-3.3.1-1.ph1\",\n \"ntp-4.2.8p10-1.ph1\",\n \"ntp-debuginfo-4.2.8p10-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / libarchive / ntp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-01-12T09:40:09", "description": "Multiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial of service (application crash) via\nspecially crafted archive files.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-11-30T00:00:00", "title": "Debian DLA-1600-1 : libarchive security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8687", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-8915", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2018-11-30T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libarchive-dev", "p-cpe:/a:debian:debian_linux:bsdtar", "p-cpe:/a:debian:debian_linux:libarchive13", "p-cpe:/a:debian:debian_linux:bsdcpio"], "id": "DEBIAN_DLA-1600.NASL", "href": "https://www.tenable.com/plugins/nessus/119289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1600-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119289);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8915\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2017-5601\");\n\n script_name(english:\"Debian DLA-1600-1 : libarchive security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial of service (application crash) via\nspecially crafted archive files.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libarchive\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdcpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"bsdcpio\", reference:\"3.1.2-11+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bsdtar\", reference:\"3.1.2-11+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libarchive-dev\", reference:\"3.1.2-11+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libarchive13\", reference:\"3.1.2-11+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:59:31", "description": "According to the versions of the libarchive package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An error in the lha_read_file_header_1() function\n (archive_read_support_format_lha.c) in libarchive 3.2.2\n allows remote attackers to trigger an out-of-bounds\n read memory access and subsequently cause a crash via a\n specially crafted archive.(CVE-2017-5601)\n\n - read_header in archive_read_support_format_rar.c in\n libarchive 3.3.2 suffers from an off-by-one error for\n UTF-16 names in RAR archives, leading to an\n out-of-bounds read in\n archive_read_format_rar_read_header.(CVE-2017-14502)\n\n - The read_Header function in\n archive_read_support_format_7zip.c in libarchive 3.2.1\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via multiple EmptyStream\n attributes in a header in a 7zip\n archive.(CVE-2016-8689)\n\n - Stack-based buffer overflow in the safe_fprintf\n function in tar/util.c in libarchive 3.2.1 allows\n remote attackers to cause a denial of service via a\n crafted non-printable multibyte character in a\n filename.(CVE-2016-8687)\n\n - OpenEMR version 5.0.0 contains a Cross Site Scripting\n (XSS) vulnerability in open-flash-chart.swf and\n _posteddata.php that can result in . This vulnerability\n appears to have been fixed in 5.0.0 Patch 2 or\n higher.(CVE-2018-1000020)\n\n - OpenEMR version 5.0.0 contains a OS Command Injection\n vulnerability in fax_dispatch.php that can result in OS\n command injection by an authenticated attacker with any\n role. This vulnerability appears to have been fixed in\n 5.0.0 Patch 2 or higher.(CVE-2018-1000019)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-24T00:00:00", "title": "EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000019", "CVE-2016-8687", "CVE-2019-1000019", "CVE-2017-14502", "CVE-2017-5601", "CVE-2016-8689", "CVE-2019-1000020", "CVE-2018-1000020"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libarchive", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2014.NASL", "href": "https://www.tenable.com/plugins/nessus/129207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129207);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-8687\",\n \"CVE-2016-8689\",\n \"CVE-2017-14502\",\n \"CVE-2017-5601\",\n \"CVE-2019-1000019\",\n \"CVE-2019-1000020\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2014)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libarchive package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An error in the lha_read_file_header_1() function\n (archive_read_support_format_lha.c) in libarchive 3.2.2\n allows remote attackers to trigger an out-of-bounds\n read memory access and subsequently cause a crash via a\n specially crafted archive.(CVE-2017-5601)\n\n - read_header in archive_read_support_format_rar.c in\n libarchive 3.3.2 suffers from an off-by-one error for\n UTF-16 names in RAR archives, leading to an\n out-of-bounds read in\n archive_read_format_rar_read_header.(CVE-2017-14502)\n\n - The read_Header function in\n archive_read_support_format_7zip.c in libarchive 3.2.1\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via multiple EmptyStream\n attributes in a header in a 7zip\n archive.(CVE-2016-8689)\n\n - Stack-based buffer overflow in the safe_fprintf\n function in tar/util.c in libarchive 3.2.1 allows\n remote attackers to cause a denial of service via a\n crafted non-printable multibyte character in a\n filename.(CVE-2016-8687)\n\n - OpenEMR version 5.0.0 contains a Cross Site Scripting\n (XSS) vulnerability in open-flash-chart.swf and\n _posteddata.php that can result in . This vulnerability\n appears to have been fixed in 5.0.0 Patch 2 or\n higher.(CVE-2018-1000020)\n\n - OpenEMR version 5.0.0 contains a OS Command Injection\n vulnerability in fax_dispatch.php that can result in OS\n command injection by an authenticated attacker with any\n role. This vulnerability appears to have been fixed in\n 5.0.0 Patch 2 or higher.(CVE-2018-1000019)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2014\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3830d9c0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libarchive packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libarchive-3.1.2-10.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-8687", "CVE-2016-5418", "CVE-2017-5601", "CVE-2016-8689", "CVE-2016-8688"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-03-10T00:00:00", "id": "OPENVAS:1361412562310843087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843087", "type": "openvas", "title": "Ubuntu Update for libarchive USN-3225-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libarchive USN-3225-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843087\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-10 05:53:47 +0100 (Fri, 10 Mar 2017)\");\n script_cve_id(\"CVE-2016-5418\", \"CVE-2016-6250\", \"CVE-2016-7166\", \"CVE-2016-8687\",\n \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-5601\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libarchive USN-3225-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libarchive'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that libarchive\n incorrectly handled hardlink entries when extracting archives. A remote attacker\n could possibly use this issue to overwrite arbitrary files. (CVE-2016-5418)\n Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that\n libarchive incorrectly handled filename lengths when writing ISO9660 archives. A\n remote attacker could use this issue to cause libarchive to crash, resulting in\n a denial of service, or possibly execute arbitrary code. This issue only applied\n to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6250)\n Alexander Cherepanov discovered that libarchive incorrectly handled recursive\n decompressions. A remote attacker could possibly use this issue to cause\n libarchive to hang, resulting in a denial of service. This issue only applied to\n Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7166) It was\n discovered that libarchive incorrectly handled non-printable multibyte\n characters in filenames. A remote attacker could possibly use this issue to\n cause libarchive to crash, resulting in a denial of service. (CVE-2016-8687) It\n was discovered that libarchive incorrectly handled line sizes when extracting\n certain archives. A remote attacker could possibly use this issue to cause\n libarchive to crash, resulting in a denial of service. (CVE-2016-8688) It was\n discovered that libarchive incorrectly handled multiple EmptyStream attributes\n when extracting certain 7zip archives. A remote attacker could possibly use this\n issue to cause libarchive to crash, resulting in a denial of service.\n (CVE-2016-8689) Jakub Jirasek discovered that libarchive incorrectly handled\n memory when extracting certain archives. A remote attacker could possibly use\n this issue to cause libarchive to crash, resulting in a denial of service.\n (CVE-2017-5601)\");\n script_tag(name:\"affected\", value:\"libarchive on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3225-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3225-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libarchive13:i386\", ver:\"3.1.2-7ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libarchive13:amd64\", ver:\"3.1.2-7ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libarchive13:i386\", ver:\"3.2.1-2ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libarchive13:amd64\", ver:\"3.2.1-2ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libarchive12:i386\", ver:\"3.0.3-6ubuntu1.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libarchive12:amd64\", ver:\"3.0.3-6ubuntu1.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libarchive13:amd64\", ver:\"3.1.2-11ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libarchive13:i386\", ver:\"3.1.2-11ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-5418"], "description": "Several vulnerabilities were discovered\nin libarchive, a multi-format archive and compression library, which may lead to\ndenial of service (memory consumption and application crash), bypass of sandboxing\nrestrictions and overwrite arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.", "modified": "2019-03-18T00:00:00", "published": "2016-09-25T00:00:00", "id": "OPENVAS:1361412562310703677", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703677", "type": "openvas", "title": "Debian Security Advisory DSA 3677-1 (libarchive - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3677.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3677-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703677\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5418\", \"CVE-2016-6250\", \"CVE-2016-7166\");\n script_name(\"Debian Security Advisory DSA 3677-1 (libarchive - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-25 00:00:00 +0200 (Sun, 25 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3677.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"libarchive on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 3.1.2-11+deb8u3.\n\nWe recommend that you upgrade your libarchive packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin libarchive, a multi-format archive and compression library, which may lead to\ndenial of service (memory consumption and application crash), bypass of sandboxing\nrestrictions and overwrite arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"bsdcpio\", ver:\"3.1.2-11+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"bsdtar\", ver:\"3.1.2-11+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libarchive-dev:amd64\", ver:\"3.1.2-11+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libarchive-dev:i386\", ver:\"3.1.2-11+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libarchive13:amd64\", ver:\"3.1.2-11+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libarchive13:i386\", ver:\"3.1.2-11+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-5418"], "description": "Several vulnerabilities were discovered\nin libarchive, a multi-format archive and compression library, which may lead to\ndenial of service (memory consumption and application crash), bypass of sandboxing\nrestrictions and overwrite arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.", "modified": "2017-07-07T00:00:00", "published": "2016-09-25T00:00:00", "id": "OPENVAS:703677", "href": "http://plugins.openvas.org/nasl.php?oid=703677", "type": "openvas", "title": "Debian Security Advisory DSA 3677-1 (libarchive - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3677.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3677-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703677);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5418\", \"CVE-2016-6250\", \"CVE-2016-7166\");\n script_name(\"Debian Security Advisory DSA 3677-1 (libarchive - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-09-25 00:00:00 +0200 (Sun, 25 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3677.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libarchive on Debian Linux\");\n script_tag(name: \"insight\", value: \"The libarchive library provides a\nflexible interface for reading and writing streaming archive files such as\ntar and cpio.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 3.1.2-11+deb8u3.\n\nWe recommend that you upgrade your libarchive packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin libarchive, a multi-format archive and compression library, which may lead to\ndenial of service (memory consumption and application crash), bypass of sandboxing\nrestrictions and overwrite arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bsdcpio\", ver:\"3.1.2-11+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bsdtar\", ver:\"3.1.2-11+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarchive-dev:amd64\", ver:\"3.1.2-11+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarchive-dev:i386\", ver:\"3.1.2-11+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarchive13:amd64\", ver:\"3.1.2-11+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarchive13:i386\", ver:\"3.1.2-11+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8687", "CVE-2016-8689", "CVE-2016-8688"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-12T00:00:00", "id": "OPENVAS:1361412562310872127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872127", "type": "openvas", "title": "Fedora Update for mingw-libarchive FEDORA-2016-dd2aa2b4a9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libarchive FEDORA-2016-dd2aa2b4a9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872127\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-12 06:27:18 +0100 (Mon, 12 Dec 2016)\");\n script_cve_id(\"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libarchive FEDORA-2016-dd2aa2b4a9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libarchive'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libarchive on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-dd2aa2b4a9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MEAAZ4XH66QDAK6DDGCFXUXJIDHLSK4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libarchive\", rpm:\"mingw-libarchive~3.2.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-07T18:43:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5418"], "description": "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", "modified": "2020-04-03T00:00:00", "published": "2016-12-14T00:00:00", "id": "OPENVAS:1361412562310140098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140098", "type": "openvas", "title": "F5 BIG-IP - Article: K35246595 - libarchive vulnerability CVE-2016-5418", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - Article: K35246595 - libarchive vulnerability CVE-2016-5418\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140098\");\n script_cve_id(\"CVE-2016-5418\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - Article: K35246595 - libarchive vulnerability CVE-2016-5418\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/csp/#/article/K35246595\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-14 12:34:06 +0100 (Wed, 14 Dec 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;11.2.1;' );\n\ncheck_f5['APM'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['GTM'] = make_array( 'affected', '11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['LC'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '12.0.0-12.1.1;11.6.0-11.6.1;',\n 'unaffected', '11.4.1-11.5.4;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T20:11:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8687", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-8915", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "description": "Multiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.", "modified": "2020-01-29T00:00:00", "published": "2018-11-30T00:00:00", "id": "OPENVAS:1361412562310891600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891600", "type": "openvas", "title": "Debian LTS: Security Advisory for libarchive (DLA-1600-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891600\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-8915\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\",\n \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\",\n \"CVE-2017-14503\", \"CVE-2017-5601\");\n script_name(\"Debian LTS: Security Advisory for libarchive (DLA-1600-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-30 00:00:00 +0100 (Fri, 30 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"libarchive on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bsdcpio\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bsdtar\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive-dev\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive13\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:40:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000019", "CVE-2016-8687", "CVE-2019-1000019", "CVE-2017-14502", "CVE-2017-5601", "CVE-2016-8689", "CVE-2019-1000020", "CVE-2018-1000020"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192014", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2014)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2014\");\n script_version(\"2020-01-23T12:30:51+0000\");\n script_cve_id(\"CVE-2016-8687\", \"CVE-2016-8689\", \"CVE-2017-14502\", \"CVE-2017-5601\", \"CVE-2019-1000019\", \"CVE-2019-1000020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:30:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:30:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2014)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2014\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2014\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2019-2014 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601)\n\nread_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502)\n\nThe read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\nStack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\nOpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.(CVE-2018-1000020)\n\nOpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.(CVE-2018-1000019)\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h3\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T16:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8687", "CVE-2019-18408", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-13T00:00:00", "published": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201226", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1226)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1226\");\n script_version(\"2020-03-13T07:15:55+0000\");\n script_cve_id(\"CVE-2015-2304\", \"CVE-2015-8915\", \"CVE-2015-8933\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2017-5601\", \"CVE-2019-18408\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:15:55 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:15:55 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1226)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1226\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1226\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2020-1226 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502)\n\nAn error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601)\n\nStack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\nThe read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\nAn out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501)\n\nlibarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\nThe mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-2016-8688)\n\nThe archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\nThe archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\nThe archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL p ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h8\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8687", "CVE-2018-1000877", "CVE-2019-18408", "CVE-2016-10349", "CVE-2016-10209", "CVE-2018-1000878", "CVE-2017-14502", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-8688", "CVE-2016-10350"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192379", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2379)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2379\");\n script_version(\"2020-01-23T12:52:10+0000\");\n script_cve_id(\"CVE-2015-2304\", \"CVE-2015-8915\", \"CVE-2015-8933\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2017-5601\", \"CVE-2018-1000877\", \"CVE-2018-1000878\", \"CVE-2019-18408\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:52:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:52:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2379)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2379\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2379\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2019-2379 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\nAbsolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.(CVE-2015-2304)\n\nInteger overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.(CVE-2015-8933)\n\nThe archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.(CVE-2016-10209)\n\nAn error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601)\n\nread_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502)\n\nThe read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\nStack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\nThe mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-2016-8688)\n\nThe archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\nThe archive_read_format_cab_read_header function in archive_read_support_format_cab.c ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6250"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-18T00:00:00", "id": "OPENVAS:1361412562310809131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809131", "type": "openvas", "title": "Fedora Update for mingw-libarchive FEDORA-2016-472cdecb18", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libarchive FEDORA-2016-472cdecb18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809131\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-18 05:56:59 +0200 (Thu, 18 Aug 2016)\");\n script_cve_id(\"CVE-2016-6250\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libarchive FEDORA-2016-472cdecb18\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libarchive'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libarchive on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-472cdecb18\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSUOUYMRKR7ECDLZQGPNMTQCKSJKN57H\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libarchive\", rpm:\"mingw-libarchive~3.2.1~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-8687", "CVE-2016-5418", "CVE-2017-5601", "CVE-2016-8689", "CVE-2016-8688"], "description": "It was discovered that libarchive incorrectly handled hardlink entries when \nextracting archives. A remote attacker could possibly use this issue to \noverwrite arbitrary files. (CVE-2016-5418)\n\nChristian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that \nlibarchive incorrectly handled filename lengths when writing ISO9660 \narchives. A remote attacker could use this issue to cause libarchive to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and \nUbuntu 16.04 LTS. (CVE-2016-6250)\n\nAlexander Cherepanov discovered that libarchive incorrectly handled \nrecursive decompressions. A remote attacker could possibly use this issue \nto cause libarchive to hang, resulting in a denial of service. This issue \nonly applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n(CVE-2016-7166)\n\nIt was discovered that libarchive incorrectly handled non-printable \nmultibyte characters in filenames. A remote attacker could possibly use \nthis issue to cause libarchive to crash, resulting in a denial of service. \n(CVE-2016-8687)\n\nIt was discovered that libarchive incorrectly handled line sizes when \nextracting certain archives. A remote attacker could possibly use this \nissue to cause libarchive to crash, resulting in a denial of service. \n(CVE-2016-8688)\n\nIt was discovered that libarchive incorrectly handled multiple EmptyStream \nattributes when extracting certain 7zip archives. A remote attacker could \npossibly use this issue to cause libarchive to crash, resulting in a denial \nof service. (CVE-2016-8689)\n\nJakub Jirasek discovered that libarchive incorrectly handled memory when \nextracting certain archives. A remote attacker could possibly use this \nissue to cause libarchive to crash, resulting in a denial of service. \n(CVE-2017-5601)", "edition": 5, "modified": "2017-03-09T00:00:00", "published": "2017-03-09T00:00:00", "id": "USN-3225-1", "href": "https://ubuntu.com/security/notices/USN-3225-1", "title": "libarchive vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:07:42", "description": "libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-21T14:25:00", "title": "CVE-2016-7166", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7166"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:libarchive:libarchive:3.1.901a", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2"], "id": "CVE-2016-7166", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7166", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libarchive:libarchive:3.1.901a:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:40", "description": "Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.7}, "published": "2016-09-21T14:25:00", "title": "CVE-2016-6250", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6250"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/a:libarchive:libarchive:3.2.0"], "id": "CVE-2016-6250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6250", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:a:libarchive:libarchive:3.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:51", "description": "The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-15T19:59:00", "title": "CVE-2016-8689", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8689"], "modified": "2018-11-30T11:29:00", "cpe": ["cpe:/o:opensuse:leap:42.2", "cpe:/a:libarchive:libarchive:3.2.1"], "id": "CVE-2016-8689", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8689", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libarchive:libarchive:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:51", "description": "The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-15T19:59:00", "title": "CVE-2016-8688", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8688"], "modified": "2018-11-30T11:29:00", "cpe": ["cpe:/o:opensuse:leap:42.2", "cpe:/a:libarchive:libarchive:3.2.1"], "id": "CVE-2016-8688", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8688", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libarchive:libarchive:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:51", "description": "Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-15T19:59:00", "title": "CVE-2016-8687", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8687"], "modified": "2018-11-30T11:29:00", "cpe": ["cpe:/o:opensuse:leap:42.2", "cpe:/a:libarchive:libarchive:3.2.1"], "id": "CVE-2016-8687", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8687", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libarchive:libarchive:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:45", "description": "An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-27T22:59:00", "title": "CVE-2017-5601", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5601"], "modified": "2018-11-30T11:29:00", "cpe": ["cpe:/a:libarchive:libarchive:3.2.2"], "id": "CVE-2017-5601", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5601", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libarchive:libarchive:3.2.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-21T14:25:00", "title": "CVE-2016-5418", "type": "cve", "cwe": ["CWE-19", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5418"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:redhat:openshift:3.1", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:redhat:openshift:3.2", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:libarchive:libarchive:3.2.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2"], "id": "CVE-2016-5418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5418", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libarchive:libarchive:3.2.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-05-31T18:43:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-8689"], "description": "\nF5 Product Development has assigned ID 615226 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H52697522 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP AAM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP AFM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP Analytics | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP APM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP ASM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP DNS | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 | Low | vCMP \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP PEM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.6.0 - 11.6.1 | Low | vCMP \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.0.2 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-12-20T21:32:00", "published": "2017-02-24T01:34:00", "id": "F5:K52697522", "href": "https://support.f5.com/csp/article/K52697522", "title": "libarchive vulnerability CVE-2016-8689", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-06-15T00:42:14", "bulletinFamily": "software", "cvelist": ["CVE-2016-8688"], "description": "\nF5 Product Development has assigned ID 615226 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H35263486 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP AAM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP AFM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP Analytics | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP APM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP ASM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP DNS | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 | Low | vCMP \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP PEM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.1 | Low | vCMP \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.0.2 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-12-20T21:32:00", "published": "2017-02-24T01:39:00", "id": "F5:K35263486", "href": "https://support.f5.com/csp/article/K35263486", "title": "libarchive vulnerability CVE-2016-8688", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-06-15T00:42:26", "bulletinFamily": "software", "cvelist": ["CVE-2016-8687"], "description": "\nF5 Product Development has assigned ID 615226 (BIG-IP) and LRS-61102 (LineRate) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H13074505 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen. \n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP AAM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP AFM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP Analytics | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP APM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP ASM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP DNS | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 | Low | vCMP \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | Low | vCMP \nBIG-IP PEM | 13.0.0 | 13.1.0 \n13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | Low | vCMP \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | 13.0.0 | 13.1.0 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b13.0.0 HF1 \n\u200b\u200b\u200b\u200b\u200b\u200b\u200b12.0.0 - 12.1.3 \n11.6.0 - 11.6.1 | Low | vCMP \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.0.2 | Not vulnerable | None \nLineRate | 2.5.0 - 2.6.1 | None | Low | libarchive \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP\n\nNone\n\nLineRate\n\nWhen using the restore functionality, restore only from trusted backups.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-12-20T21:32:00", "published": "2017-02-24T01:24:00", "id": "F5:K13074505", "href": "https://support.f5.com/csp/article/K13074505", "title": "libarchive vulnerability CVE-2016-8687", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-06-08T00:16:13", "bulletinFamily": "software", "cvelist": ["CVE-2016-5418"], "edition": 1, "description": "\nF5 Product Development has assigned ID 624728 (BIG-IP) and LRS-61037 (LineRate) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H35246595 on the **Diagnostics** &gt; **Identified** &gt; **Medium** screen. \n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4| Medium| bsdtar \nBIG-IP AAM| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4| Medium| bsdtar \nBIG-IP AFM| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4| Medium| bsdtar \nBIG-IP Analytics| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4 \n11.2.1| Medium| bsdtar \nBIG-IP APM| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4| Medium| bsdtar \nBIG-IP ASM| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4| Medium| bsdtar \nBIG-IP DNS| 12.0.0 - 12.1.1| None| Medium| bsdtar \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| 11.6.0 - 11.6.1| 11.4.1 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4| Medium| bsdtar \nBIG-IP Link Controller| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4| Medium| bsdtar \nBIG-IP PEM| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 11.4.1 - 11.5.4| Medium| bsdtar \nBIG-IP PSM| None| 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| None| Medium| bsdtar \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| 2.5.0 - 2.6.1| None| Low| libarchive \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\n**BIG-IP**\n\nEnsure that only trusted ISO files are uploaded to BIG-IP systems using vCMP.\n\n**LineRate**\n\nOnly use the restore functionality to restore from backups that are trusted.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K14088: vCMP host and compatible guest version matrix](<https://support.f5.com/csp/article/K14088>)\n", "modified": "2017-04-05T00:57:00", "published": "2016-12-08T07:52:00", "href": "https://support.f5.com/csp/article/K35246595", "id": "F5:K35246595", "type": "f5", "title": "libarchive vulnerability CVE-2016-5418", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2020-08-12T01:06:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250", "CVE-2016-7166", "CVE-2016-5418"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3677-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libarchive\nCVE ID : CVE-2016-5418 CVE-2016-6250 CVE-2016-7166\nDebian Bug : 837714\n\nSeveral vulnerabilities were discovered in libarchive, a multi-format\narchive and compression library, which may lead to denial of service\n(memory consumption and application crash), bypass of sandboxing\nrestrictions and overwrite arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.1.2-11+deb8u3.\n\nWe recommend that you upgrade your libarchive packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2016-09-25T09:50:56", "published": "2016-09-25T09:50:56", "id": "DEBIAN:DSA-3677-1:667B6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00257.html", "title": "[SECURITY] [DSA 3677-1] libarchive security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8687", "CVE-2016-8689", "CVE-2016-8688"], "description": "Package : libarchive\nVersion : 3.0.4-3+wheezy5\nCVE ID : CVE-2016-8687 CVE-2016-8688 CVE-2016-8689\nDebian Bug : 840934 840935 840936\n\n\nAgostino Sarubbo of Gentoo discovered several security vulnerabilities\nin libarchive, a multi-format archive and compression library. An\nattacker could take advantage of these flaws to cause a buffer overflow\nor an out of bounds read using a carefully crafted input file.\n\nCVE-2016-8687\n\n Agostino Sarubbo of Gentoo discovered a possible stack-based buffer\n overflow when printing a filename in bsdtar_expand_char() of util.c.\n\nCVE-2016-8688\n\n Agostino Sarubbo of Gentoo discovered a possible out of bounds read\n when parsing multiple long lines in bid_entry() and detect_form() of\n archive_read_support_format_mtree.c.\n\nCVE-2016-8689\n\n Agostino Sarubbo of Gentoo discovered a possible heap-based buffer\n overflow when reading corrupted 7z files in read_Header() of\n archive_read_support_format_7zip.c.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n3.0.4-3+wheezy5.\n\nWe recommend that you upgrade your libarchive packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\n- -- \nJonas Meurer\n\n", "edition": 3, "modified": "2016-10-17T20:53:05", "published": "2016-10-17T20:53:05", "id": "DEBIAN:DLA-661-1:2AD6A", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201610/msg00016.html", "title": "[SECURITY] [DLA 661-1] libarchive security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:05:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8687", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-8915", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "description": "Package : libarchive\nVersion : 3.1.2-11+deb8u4\nCVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688\n CVE-2016-8689 CVE-2016-10209 CVE-2016-10349\n CVE-2016-10350 CVE-2017-5601 CVE-2017-14166\n CVE-2017-14501 CVE-2017-14502 CVE-2017-14503\nDebian Bug : 853278 875960 875974 875966 874539 840934\n 840935 861609 859456 861609 784213\n\nMultiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2018-11-29T22:33:17", "published": "2018-11-29T22:33:17", "id": "DEBIAN:DLA-1600-1:DC924", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00037.html", "title": "[SECURITY] [DLA 1600-1] libarchive security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5418"], "description": "Package : libarchive\nVersion : 3.0.4-3+wheezy4\nCVE ID : CVE-2016-5418\nDebian Bug : 837714\n\nIt was found that libarchive mishandled hardlink archive entries of\nnon-zero data size, possibly allowing remote attackers to to write to\narbitrary files via especially crafted archives.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n3.0.4-3+wheezy4.\n\nWe recommend that you upgrade your libarchive packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2016-10-16T10:40:10", "published": "2016-10-16T10:40:10", "id": "DEBIAN:DLA-657-1:F5D95", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201610/msg00013.html", "title": "[SECURITY] [DLA 657-1] libarchive security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:21:27", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5601"], "description": "Package : libarchive\nVersion : 3.0.4-3+wheezy5+deb7u1\nCVE ID : CVE-2017-5601\nDebian Bug : #853278\n\nIt was discovered that there was a heap buffer overflow in libarchive,\na multi-format archive and compression library.\n\nFor Debian 7 &quot;Wheezy&quot;, this issue has been fixed in libarchive version\n3.0.4-3+wheezy5+deb7u1.\n\nWe recommend that you upgrade your libarchive packages.\n\n\nRegards,\n\n- -- \n ,&#x27;&#x27;`.\n : :&#x27; : Chris Lamb\n `. `&#x27;` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 3, "modified": "2017-01-31T07:47:10", "published": "2017-01-31T07:47:10", "id": "DEBIAN:DLA-810-1:E07AE", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00047.html", "title": "[SECURITY] [DLA 810-1] libarchive security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7166", "CVE-2015-8915"], "description": "Package : libarchive\nVersion : 3.0.4-3+wheezy3\nCVE ID : CVE-2015-8915 CVE-2016-7166\nDebian Bug : 784213\n\n\nSeveral security vulnerabilities have been discovered in libarchive,\na multi-format archive and compression library. An attacker could\ntake advantage of these flaws to cause an out of bounds read or a\ndenial of service against an application using the libarchive12\nlibrary using a carefully crafted input file.\n\nCVE-2015-8915\n\n Paris Zoumpouloglou of Project Zero labs discovered a flaw in\n libarchive bsdtar. Using a crafted file bsdtar can perform an\n out-of-bounds memory read which will lead to a SEGFAULT.\n\nCVE-2016-7166\n\n Alexander Cherepanov discovered a flaw in libarchive compression\n handling. Using a crafted gzip file, one can get libarchive to\n invoke an infinite chain of gzip compressors until all the memory\n has been exhausted or another resource limit kicks in.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n3.0.4-3+wheezy3.\n\nWe recommend that you upgrade your libarchive packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\n- -- \nJonas Meurer\n\n", "edition": 3, "modified": "2016-09-10T16:46:26", "published": "2016-09-10T16:46:26", "id": "DEBIAN:DLA-617-1:AAA4D", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201609/msg00010.html", "title": "[SECURITY] [DLA 617-1] libarchive security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689"], "description": "Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. ", "modified": "2016-12-11T00:31:07", "published": "2016-12-11T00:31:07", "id": "FEDORA:EB6D96091F31", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mingw-libarchive-3.2.2-1.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250"], "description": "XZ Utils are an attempt to make LZMA compression easy to use on free (as in freedom) operating systems. This is achieved by providing tools and librari es which are similar to use than the equivalents of the most popular existing compression algorithms. LZMA is a general purpose compression algorithm designed by Igor Pavlov as part of 7-Zip. It provides high compression ratio while keeping the decompression speed fast. ", "modified": "2016-08-16T19:28:58", "published": "2016-08-16T19:28:58", "id": "FEDORA:B4D076014623", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-xz-5.2.2-3.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250"], "description": "Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. ", "modified": "2016-08-16T19:28:58", "published": "2016-08-16T19:28:58", "id": "FEDORA:ABB636087C38", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-libarchive-3.2.1-2.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250"], "description": "Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. ", "modified": "2016-07-27T18:59:35", "published": "2016-07-27T18:59:35", "id": "FEDORA:B80866087584", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libarchive-3.2.1-3.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10209", "CVE-2017-5601"], "description": "Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. ", "modified": "2017-04-21T14:33:11", "published": "2017-04-21T14:33:11", "id": "FEDORA:EDB83609A17D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: libarchive-3.2.2-4.fc26", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10209", "CVE-2017-5601"], "description": "Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. ", "modified": "2017-04-22T09:24:56", "published": "2017-04-22T09:24:56", "id": "FEDORA:AC8CA6076F6C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libarchive-3.2.2-2.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5418"], "description": "OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)\n\nRed Hat would like to thank Insomnia Security for reporting this issue.", "modified": "2016-09-15T00:32:46", "published": "2016-09-12T21:25:20", "id": "RHSA-2016:1852", "href": "https://access.redhat.com/errata/RHSA-2016:1852", "type": "redhat", "title": "(RHSA-2016:1852) Important: Red Hat OpenShift Enterprise 3.1 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5418"], "description": "OpenShift Enterprise by Red Hat is the company's cloud computing Platform-\nas-a-Service (PaaS) solution designed for on-premise or private cloud \ndeployments.\n\nSecurity Fix(es):\n\n* When processing an archive file that contains an archive entry with type 1 (hardlink) but also having a non-zero data size a file overwrite can occur. This would allow an attacker that can pass data to an application that uses libarchive to unpack it to overwrite arbitrary files with arbitrary data. (CVE-2016-5418)\n\nRed Hat would like to thank Insomnia Security for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, pods that had a resource request of 0 and specified limits were classified as BestEffort when they should have been classified as Burstable. This bug fix ensures that those pods are correctly classified as Burstable.(BZ#1357475)\n\n* Future versions of docker will require containerized installations of OpenShift Container Platform to mount /var/lib/origin with the `rslave` flag. New installations of OpenShift Container Platform 3.2 have this value set. However, upgrades from 3.1 did not properly set this value. This bug fix ensures that this flag is now set during upgrades, ensuring that OpenShift Container Platform works properly under future versions of docker. (BZ#1358197)\n\n* The PersistentVolumeLabel admission plug-in is now enabled by default. This plug-in labels AWS and GCE volumes with their zone so the scheduler can limit the nodes for a pod to only those in the same zone as the persistent volumes being used by the pod. (BZ#1365600)\n\n* Previously, heapster incorrectly generated error messages indicating that it \"Failed to find node\". This bug fix corrects that error and ensures that erroneous warnings are generated.(BZ#1366367)\n\n* The deployment controllers' resync interval can now be configured. The previously hard-coded 2-minute default is the likely cause of performance regressions when thousands of deploymentconfigs are present in the system. Increase the resync interval by setting deploymentControllerResyncMinute in /etc/origin/master/master-config.yaml.(BZ#1366381)\n\n* Previously, AWS-related environment variables were removed from /etc/sysconfig/atomic-openshift-master files during an upgrade if these values were not included in the advanced installer's inventory file. This bug fix ensures that these variables are now preserved during upgrades. (BZ#1370641)\n\n* Previously, updates to the containerized atomic-openshift-node service were not properly reloaded during upgrades. This bug fix corrects this error and ensures that the service is reloaded during upgrades. (BZ#1371708)\n\n* Previously the installer did not properly configure an environment for flannel when openshift_use_flannel was set to `true`. This bug fix corrects those errors and the installer will now correctly deploy environments using flannel. (BZ#1372026)", "modified": "2016-09-14T22:46:13", "published": "2016-09-12T21:25:58", "id": "RHSA-2016:1853", "href": "https://access.redhat.com/errata/RHSA-2016:1853", "type": "redhat", "title": "(RHSA-2016:1853) Important: Red Hat OpenShift Enterprise 3.2 security update and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8920", "CVE-2015-8921", "CVE-2015-8932", "CVE-2016-4809", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-7166"], "description": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)\n\n* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted AR or MTREE files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8920, CVE-2015-8921)\n\n* A denial of service vulnerability was found in libarchive's handling of GZIP streams. A crafted GZIP file could cause libarchive to allocate an excessive amount of memory, eventually leading to a crash. (CVE-2016-7166)\n\n* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)\n\n* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted Compress streams or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8932, CVE-2016-5844)\n\nRed Hat would like to thank Insomnia Security for reporting CVE-2016-5418.", "modified": "2018-06-06T20:24:15", "published": "2016-09-12T19:10:17", "id": "RHSA-2016:1850", "href": "https://access.redhat.com/errata/RHSA-2016:1850", "type": "redhat", "title": "(RHSA-2016:1850) Important: libarchive security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8916", "CVE-2015-8917", "CVE-2015-8919", "CVE-2015-8920", "CVE-2015-8921", "CVE-2015-8922", "CVE-2015-8923", "CVE-2015-8924", "CVE-2015-8925", "CVE-2015-8926", "CVE-2015-8928", "CVE-2015-8930", "CVE-2015-8931", "CVE-2015-8932", "CVE-2015-8934", "CVE-2016-1541", "CVE-2016-4300", "CVE-2016-4302", "CVE-2016-4809", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-6250", "CVE-2016-7166"], "description": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)\n\n* Multiple out-of-bounds write flaws were found in libarchive. Specially crafted ZIP, 7ZIP, or RAR files could cause a heap overflow, potentially allowing code execution in the context of the application using libarchive. (CVE-2016-1541, CVE-2016-4300, CVE-2016-4302)\n\n* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted LZA/LZH, AR, MTREE, ZIP, TAR, or RAR files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8934)\n\n* Multiple NULL pointer dereference flaws were found in libarchive. Specially crafted RAR, CAB, or 7ZIP files could cause an application using libarchive to crash. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8922)\n\n* Multiple infinite loop / resource exhaustion flaws were found in libarchive. Specially crafted GZIP or ISO files could cause the application to consume an excessive amount of resources, eventually leading to a crash on memory exhaustion. (CVE-2016-7166, CVE-2015-8930)\n\n* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in libarchive's construction of ISO9660 volumes. Attempting to create an ISO9660 volume with 2 GB or 4 GB file names could cause the application to attempt to allocate 20 GB of memory. If this were to succeed, it could lead to an out of bounds write on the heap and potential code execution. (CVE-2016-6250)\n\n* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted MTREE archives, Compress streams, or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8931, CVE-2015-8932, CVE-2016-5844)\n\nRed Hat would like to thank Insomnia Security for reporting CVE-2016-5418.", "modified": "2018-04-12T03:32:44", "published": "2016-09-12T19:10:21", "id": "RHSA-2016:1844", "href": "https://access.redhat.com/errata/RHSA-2016:1844", "type": "redhat", "title": "(RHSA-2016:1844) Important: libarchive security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7166", "CVE-2015-8921", "CVE-2016-5418", "CVE-2016-5844", "CVE-2015-8920", "CVE-2015-8932", "CVE-2016-4809"], "description": "[2.8.3-7]\n- Fixes variation of CVE-2016-5418: Hard links could include '..' in their path.\n[2.8.3-6]\n- Fixes CVE-2016-5418: Archive Entry with type 1 (hardlink) causes file overwrite (#1365774)\n[2.8.3-5]\n- enable testsuite\n- CVE batch in summer 2016", "edition": 4, "modified": "2016-09-12T00:00:00", "published": "2016-09-12T00:00:00", "id": "ELSA-2016-1850", "href": "http://linux.oracle.com/errata/ELSA-2016-1850.html", "title": "libarchive security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-10-22T17:10:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250", "CVE-2015-8923", "CVE-2016-7166", "CVE-2015-8917", "CVE-2015-8921", "CVE-2015-8926", "CVE-2015-8919", "CVE-2015-8934", "CVE-2016-5418", "CVE-2016-5844", "CVE-2015-8930", "CVE-2015-8920", "CVE-2015-8924", "CVE-2015-8932", "CVE-2016-4809", "CVE-2015-8928", "CVE-2015-8916", "CVE-2016-4302", "CVE-2015-8925", "CVE-2016-1541", "CVE-2016-4300", "CVE-2015-8922", "CVE-2015-8931"], "description": "[3.1.2-10]\n- Fixes variation of CVE-2016-5418: Hard links could include '..' in their path.\n[3.1.2-9]\n- Fixes CVE-2016-5418: Archive Entry with type 1 (hardlink) causes file overwrite (#1365777)\n[3.1.2-8]\n- a bunch of security fixes (rhbz#1353065)", "edition": 5, "modified": "2016-09-12T00:00:00", "published": "2016-09-12T00:00:00", "id": "ELSA-2016-1844", "href": "http://linux.oracle.com/errata/ELSA-2016-1844.html", "title": "libarchive security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7166", "CVE-2015-8921", "CVE-2016-5418", "CVE-2016-5844", "CVE-2015-8920", "CVE-2015-8932", "CVE-2016-4809"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1850\n\n\nThe libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)\n\n* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted AR or MTREE files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8920, CVE-2015-8921)\n\n* A denial of service vulnerability was found in libarchive's handling of GZIP streams. A crafted GZIP file could cause libarchive to allocate an excessive amount of memory, eventually leading to a crash. (CVE-2016-7166)\n\n* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)\n\n* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted Compress streams or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8932, CVE-2016-5844)\n\nRed Hat would like to thank Insomnia Security for reporting CVE-2016-5418.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034105.html\n\n**Affected packages:**\nlibarchive\nlibarchive-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1850.html", "edition": 3, "modified": "2016-09-15T22:26:12", "published": "2016-09-15T22:26:12", "href": "http://lists.centos.org/pipermail/centos-announce/2016-September/034105.html", "id": "CESA-2016:1850", "title": "libarchive security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:29:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250", "CVE-2015-8923", "CVE-2016-7166", "CVE-2015-8917", "CVE-2015-8921", "CVE-2015-8926", "CVE-2015-8919", "CVE-2015-8934", "CVE-2016-5418", "CVE-2016-5844", "CVE-2015-8930", "CVE-2015-8920", "CVE-2015-8924", "CVE-2015-8932", "CVE-2016-4809", "CVE-2015-8928", "CVE-2015-8916", "CVE-2016-4302", "CVE-2015-8925", "CVE-2016-1541", "CVE-2016-4300", "CVE-2015-8922", "CVE-2015-8931"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1844\n\n\nThe libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)\n\n* Multiple out-of-bounds write flaws were found in libarchive. Specially crafted ZIP, 7ZIP, or RAR files could cause a heap overflow, potentially allowing code execution in the context of the application using libarchive. (CVE-2016-1541, CVE-2016-4300, CVE-2016-4302)\n\n* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted LZA/LZH, AR, MTREE, ZIP, TAR, or RAR files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8934)\n\n* Multiple NULL pointer dereference flaws were found in libarchive. Specially crafted RAR, CAB, or 7ZIP files could cause an application using libarchive to crash. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8922)\n\n* Multiple infinite loop / resource exhaustion flaws were found in libarchive. Specially crafted GZIP or ISO files could cause the application to consume an excessive amount of resources, eventually leading to a crash on memory exhaustion. (CVE-2016-7166, CVE-2015-8930)\n\n* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in libarchive's construction of ISO9660 volumes. Attempting to create an ISO9660 volume with 2 GB or 4 GB file names could cause the application to attempt to allocate 20 GB of memory. If this were to succeed, it could lead to an out of bounds write on the heap and potential code execution. (CVE-2016-6250)\n\n* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted MTREE archives, Compress streams, or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8931, CVE-2015-8932, CVE-2016-5844)\n\nRed Hat would like to thank Insomnia Security for reporting CVE-2016-5418.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034111.html\n\n**Affected packages:**\nbsdcpio\nbsdtar\nlibarchive\nlibarchive-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1844.html", "edition": 3, "modified": "2016-09-16T00:18:58", "published": "2016-09-16T00:18:58", "href": "http://lists.centos.org/pipermail/centos-announce/2016-September/034111.html", "id": "CESA-2016:1844", "title": "bsdcpio, bsdtar, libarchive security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-01-01T22:15:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250", "CVE-2015-8923", "CVE-2016-7166", "CVE-2015-8918", "CVE-2016-8687", "CVE-2015-8917", "CVE-2015-8921", "CVE-2015-8926", "CVE-2015-8919", "CVE-2015-8929", "CVE-2015-8934", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-4301", "CVE-2015-8930", "CVE-2015-8927", "CVE-2016-8689", "CVE-2015-8920", "CVE-2015-8924", "CVE-2015-8932", "CVE-2015-2304", "CVE-2016-4809", "CVE-2015-8928", "CVE-2015-8916", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-4302", "CVE-2015-8925", "CVE-2016-8688", "CVE-2016-1541", "CVE-2016-4300", "CVE-2015-8922", "CVE-2015-8931"], "edition": 1, "description": "### Background\n\nlibarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted archive file possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libarchive users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/libarchive-3.2.2\"", "modified": "2017-01-01T00:00:00", "published": "2017-01-01T00:00:00", "href": "https://security.gentoo.org/glsa/201701-03", "id": "GLSA-201701-03", "type": "gentoo", "title": "libarchive: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:10", "bulletinFamily": "info", "cvelist": ["CVE-2016-8687", "CVE-2017-2359", "CVE-2017-2360", "CVE-2017-2370"], "description": "Apple today released new versions of iOS and macOS Sierra and addressed some overlapping code execution vulnerabilities in both its mobile and desktop operating systems.\n\nThe updates were part of a bigger release of security updates from Apple that also included Safari, iCloud for Windows, and watchOS.\n\nThe most critical of the bugs were a pair of kernel vulnerabilities, CVE-2017-2370 and CVE-2017-2360, which could allow a malicious application to execute code with the highest kernel privileges. The two bugs, a buffer overflow and use-after-free vulnerability, were reported by Google Project Zero\u2019s Ian Beer and were patched in [iOS 10.2.1](<https://support.apple.com/en-us/HT207482%5D>) and [macOS Sierra 10.12.3](<https://support.apple.com/en-us/HT207483>).\n\nA critical libarchive buffer overflow vulnerability, CVE-2016-8687, was also patched in iOS and macOS Sierra.\n\n\u201cUnpacking a maliciously crafted archive may lead to arbitrary code execution,\u201d Apple said.\n\nApple also patched 11 vulnerabilities in the iOS implementation of WebKit, a half-dozen of which lead to arbitrary code execution, while three others attackers could abuse with crafted web content to exfiltrate data cross-origin.\n\nMany of the same Webkit vulnerabilities were also patched in Safari, which was updated to version [10.0.3](<https://support.apple.com/en-us/HT207484>).\n\nRounding out the iOS update, Apple patched a flaw in Auto Unlock that could unlock when Apple Watch is off the user\u2019s wrist, along with an issue that could crash the Contacts application, and another Wi-Fi issue that could show a user\u2019s home screen even if the device is locked.\n\nThe macOS Sierra update also patched code execution vulnerabilities in other components, including its Bluetooth implementation and Graphics Drivers (code execution with kernel privileges), Help Viewer, and the Vim text editor.\n\nThe Safari update also patched a vulnerability in the address bar, CVE-2017-2359, that could be exploited if visiting a malicious website, allowing an attacker to spoof the URL.\n\ntvOS was updated to version [10.1.1](<https://support.apple.com/en-us/HT207485>), and the same kernel, libarchive and webkit vulnerabilities present in iOS were patched in the Apple TV OS (4th generation).\n\nThe watchOS update, [3.1.3](<https://support.apple.com/en-us/HT207487>), was a sizable one as well with patches for 33 CVEs, including 17 code execution vulnerability.\n\nThe [iCloud for Windows 6.1.1](<https://support.apple.com/en-us/HT207481>) update, for Windows 7 and later, also patched four Webkit vulnerabilities addressed in other product updates, all off which lead to arbitrary code execution.\n", "modified": "2017-01-23T21:35:50", "published": "2017-01-23T16:35:50", "id": "THREATPOST:6D7DC234BA4C8D630208866829F1B637", "href": "https://threatpost.com/apple-patches-critical-kernel-vulnerabilities/123272/", "type": "threatpost", "title": "Apple Patches Critical Kernel Vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6250", "CVE-2015-8923", "CVE-2016-7166", "CVE-2015-8917", "CVE-2015-8921", "CVE-2015-8926", "CVE-2015-8919", "CVE-2015-8934", "CVE-2016-5418", "CVE-2016-5844", "CVE-2015-8930", "CVE-2015-8920", "CVE-2015-8924", "CVE-2015-8932", "CVE-2016-4809", "CVE-2015-8928", "CVE-2015-8916", "CVE-2016-4302", "CVE-2015-8925", "CVE-2016-1541", "CVE-2016-4300", "CVE-2015-8922", "CVE-2015-8931"], "description": "**Issue Overview:**\n\nA flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. ([CVE-2016-5418 __](<https://access.redhat.com/security/cve/CVE-2016-5418>))\n\nMultiple out-of-bounds write flaws were found in libarchive. Specially crafted ZIP, 7ZIP, or RAR files could cause a heap overflow, potentially allowing code execution in the context of the application using libarchive. ([CVE-2016-1541 __](<https://access.redhat.com/security/cve/CVE-2016-1541>), [CVE-2016-4300 __](<https://access.redhat.com/security/cve/CVE-2016-4300>), [CVE-2016-4302 __](<https://access.redhat.com/security/cve/CVE-2016-4302>))\n\nMultiple out-of-bounds read flaws were found in libarchive. Specially crafted LZA/LZH, AR, MTREE, ZIP, TAR, or RAR files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. ([CVE-2015-8919 __](<https://access.redhat.com/security/cve/CVE-2015-8919>), [CVE-2015-8920 __](<https://access.redhat.com/security/cve/CVE-2015-8920>), [CVE-2015-8921 __](<https://access.redhat.com/security/cve/CVE-2015-8921>), [CVE-2015-8923 __](<https://access.redhat.com/security/cve/CVE-2015-8923>), [CVE-2015-8924 __](<https://access.redhat.com/security/cve/CVE-2015-8924>), [CVE-2015-8925 __](<https://access.redhat.com/security/cve/CVE-2015-8925>), [CVE-2015-8926 __](<https://access.redhat.com/security/cve/CVE-2015-8926>), [CVE-2015-8928 __](<https://access.redhat.com/security/cve/CVE-2015-8928>), [CVE-2015-8934 __](<https://access.redhat.com/security/cve/CVE-2015-8934>))\n\nMultiple NULL pointer dereference flaws were found in libarchive. Specially crafted RAR, CAB, or 7ZIP files could cause an application using libarchive to crash. ([CVE-2015-8916 __](<https://access.redhat.com/security/cve/CVE-2015-8916>), [CVE-2015-8917 __](<https://access.redhat.com/security/cve/CVE-2015-8917>), [CVE-2015-8922 __](<https://access.redhat.com/security/cve/CVE-2015-8922>))\n\nMultiple infinite loop / resource exhaustion flaws were found in libarchive. Specially crafted GZIP or ISO files could cause the application to consume an excessive amount of resources, eventually leading to a crash on memory exhaustion. ([CVE-2016-7166 __](<https://access.redhat.com/security/cve/CVE-2016-7166>), [CVE-2015-8930 __](<https://access.redhat.com/security/cve/CVE-2015-8930>))\n\nA denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. ([CVE-2016-4809 __](<https://access.redhat.com/security/cve/CVE-2016-4809>))\n\nAn integer overflow flaw, leading to a buffer overflow, was found in libarchive's construction of ISO9660 volumes. Attempting to create an ISO9660 volume with 2 GB or 4 GB file names could cause the application to attempt to allocate 20 GB of memory. If this were to succeed, it could lead to an out of bounds write on the heap and potential code execution. ([CVE-2016-6250 __](<https://access.redhat.com/security/cve/CVE-2016-6250>))\n\nMultiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted MTREE archives, Compress streams, or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. ([CVE-2015-8931 __](<https://access.redhat.com/security/cve/CVE-2015-8931>), [CVE-2015-8932 __](<https://access.redhat.com/security/cve/CVE-2015-8932>), [CVE-2016-5844 __](<https://access.redhat.com/security/cve/CVE-2016-5844>)) \n\n\n \n**Affected Packages:** \n\n\nlibarchive\n\n \n**Issue Correction:** \nRun _yum update libarchive_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n libarchive-devel-3.1.2-10.11.amzn1.i686 \n bsdtar-3.1.2-10.11.amzn1.i686 \n libarchive-3.1.2-10.11.amzn1.i686 \n bsdcpio-3.1.2-10.11.amzn1.i686 \n libarchive-debuginfo-3.1.2-10.11.amzn1.i686 \n \n src: \n libarchive-3.1.2-10.11.amzn1.src \n \n x86_64: \n bsdtar-3.1.2-10.11.amzn1.x86_64 \n libarchive-devel-3.1.2-10.11.amzn1.x86_64 \n libarchive-3.1.2-10.11.amzn1.x86_64 \n bsdcpio-3.1.2-10.11.amzn1.x86_64 \n libarchive-debuginfo-3.1.2-10.11.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-09-27T10:30:00", "published": "2016-09-27T10:30:00", "id": "ALAS-2016-743", "href": "https://alas.aws.amazon.com/ALAS-2016-743.html", "title": "Important: libarchive", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}