Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-554.NASLHistoryJul 22, 2016 - 12:00 a.m.
Debian DLA-554-1 : libarchive security update
2016-07-2200:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
Several vulnerabilities were discovered in libarchive, a library for reading and writing archives in various formats. An attacker can take advantage of these flaws to cause a denial of service against an application using the libarchive library (application crash), or potentially execute arbitrary code with the privileges of the user running the application.
For Debian 7 ‘Wheezy’, these problems have been fixed in version 3.0.4-3+wheezy2.
We recommend that you upgrade your libarchive packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-554-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(92500);
script_version("2.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2015-8917", "CVE-2015-8919", "CVE-2015-8920", "CVE-2015-8921", "CVE-2015-8922", "CVE-2015-8923", "CVE-2015-8924", "CVE-2015-8925", "CVE-2015-8926", "CVE-2015-8930", "CVE-2015-8931", "CVE-2015-8932", "CVE-2015-8933", "CVE-2015-8934", "CVE-2016-4300", "CVE-2016-4302", "CVE-2016-4809", "CVE-2016-5844");
script_name(english:"Debian DLA-554-1 : libarchive security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities were discovered in libarchive, a library for
reading and writing archives in various formats. An attacker can take
advantage of these flaws to cause a denial of service against an
application using the libarchive library (application crash), or
potentially execute arbitrary code with the privileges of the user
running the application.
For Debian 7 'Wheezy', these problems have been fixed in version
3.0.4-3+wheezy2.
We recommend that you upgrade your libarchive packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2016/07/msg00016.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/libarchive"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bsdcpio");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bsdtar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libarchive-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libarchive12");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/20");
script_set_attribute(attribute:"patch_publication_date", value:"2016/07/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"bsdcpio", reference:"3.0.4-3+wheezy2")) flag++;
if (deb_check(release:"7.0", prefix:"bsdtar", reference:"3.0.4-3+wheezy2")) flag++;
if (deb_check(release:"7.0", prefix:"libarchive-dev", reference:"3.0.4-3+wheezy2")) flag++;
if (deb_check(release:"7.0", prefix:"libarchive12", reference:"3.0.4-3+wheezy2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | bsdcpio | p-cpe:/a:debian:debian_linux:bsdcpio |
| debian | debian_linux | bsdtar | p-cpe:/a:debian:debian_linux:bsdtar |
| debian | debian_linux | libarchive-dev | p-cpe:/a:debian:debian_linux:libarchive-dev |
| debian | debian_linux | libarchive12 | p-cpe:/a:debian:debian_linux:libarchive12 |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844
lists.debian.org/debian-lts-announce/2016/07/msg00016.html
packages.debian.org/source/wheezy/libarchive
Related
debian
debian
[SECURITY] [DLA 554-1] libarchive security update
2016-07-21 06:11:03
[SECURITY] [DSA 3657-1] libarchive security update
2016-08-30 21:15:39
cloudfoundry
cloudfoundry
USN-3033-1 libarchive vulnerability | Cloud Foundry
2016-08-25 00:00:00
nessus
nessus
Debian DSA-3657-1 : libarchive - security update
2016-08-31 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : libarchive vulnerabilities (USN-3033-1)
2016-07-15 00:00:00
SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:1909-1)
2016-08-29 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-554-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3657-1 (libarchive - security update)
2016-09-07 00:00:00
Debian: Security Advisory (DSA-3657-1)
2016-09-07 00:00:00
ubuntu
ubuntu
libarchive vulnerabilities
2016-07-14 00:00:00
suse
suse
Security update for libarchive (important)
2016-08-11 17:13:38
Security update for libarchive (important)
2016-07-29 14:09:01
Security update for bsdtar (important)
2016-08-02 17:08:50
oraclelinux
oraclelinux
libarchive security update
2016-09-12 00:00:00
libarchive security update
2016-09-12 00:00:00
redhat
redhat
(RHSA-2016:1844) Important: libarchive security update
2016-09-12 15:10:21
(RHSA-2016:1850) Important: libarchive security update
2016-09-12 15:10:17
ibm
ibm
Security Bulletin: Vulnerabilities in libarchive affect PowerKVM
2018-06-18 01:33:29
amazon
amazon
Important: libarchive
2016-09-27 10:30:00
centos
centos
bsdcpio, bsdtar, libarchive security update
2016-09-16 00:18:58
libarchive security update
2016-09-15 22:26:12
gentoo
gentoo
libarchive: Multiple vulnerabilities
2017-01-01 00:00:00
mageia
mageia
Updated libarchive packages fix security vulnerability
2016-07-05 18:47:08
f5
f5
K91432940 : libarchive vulnerabilities CVE-2015-8920 and CVE-2016-4809
2016-12-07 00:00:00
K90412202 : libarchive vulnerability CVE-2015-8932
2016-12-08 00:00:00
K24036027 : libarchive vulnerability CVE-2016-5844
2016-12-07 00:00:00
freebsd
freebsd
libarchive -- multiple vulnerabilities
2016-06-23 00:00:00
threatpost
threatpost
Patched libarchive Vulnerabilities Have Big Reach
2016-06-22 16:27:33
prion
prion
Code injection
2016-09-20 14:15:00
Integer overflow
2016-09-20 14:15:00
Out-of-bounds
2016-09-20 14:15:00
redhatcve
redhatcve
cve
cve
veracode
veracode
Undefined Behavior Through Integer Overflow
2018-04-10 07:43:45
Denial Of Service (DoS) Through Stack Buffer Underflow
2019-01-15 09:13:06
Denial Of Service (DoS)
2018-07-31 13:22:06
ubuntucve
ubuntucve
debiancve
debiancve
cvelist
cvelist
osv
osv
alpinelinux
alpinelinux
talos
talos
Libarchive Rar RestartModel Code Execution Vulnerability
2016-06-19 00:00:00
seebug
seebug
Libarchive Rar RestartModel Code Execution Vulnerability(CVE-2016-4302)
2017-10-20 00:00:00
intel
intel
Multiple Intel Software Products impacted by CVE-2016-4300
2016-09-13 00:00:00
Related for DEBIAN_DLA-554.NASL