Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone AGOPENVAS:13614125623114201836402
HistoryApr 19, 2021 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2018:3640-2)

2021-04-1900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
2

6.9 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.0%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2018.3640.2");
  script_cve_id("CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503");
  script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
  script_version("2024-02-02T14:37:50+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-09-20 17:57:22 +0000 (Wed, 20 Sep 2017)");

  script_name("SUSE: Security Advisory (SUSE-SU-2018:3640-2)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP4)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2018:3640-2");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'libarchive' package(s) announced via the SUSE-SU-2018:3640-2 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for libarchive fixes the following issues:
CVE-2016-10209: The archive_wstring_append_from_mbs function in
 archive_string.c allowed remote attackers to cause a denial of service
 (NULL pointer dereference and application crash) via a crafted archive
 file. (bsc#1032089)

CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed
 remote attackers to cause a denial of service (heap-based buffer
 over-read and application crash) via a crafted file. (bsc#1037008)

CVE-2016-10350: The archive_read_format_cab_read_header function in
 archive_read_support_format_cab.c allowed remote attackers to cause a
 denial of service (heap-based buffer over-read and application crash)
 via a crafted file. (bsc#1037009)

CVE-2017-14166: libarchive allowed remote attackers to cause a denial of
 service (xml_data heap-based buffer over-read and application crash) via
 a crafted xar archive, related to the mishandling of empty strings in
 the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)

CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in
 archive_read_support_format_iso9660.c when extracting a specially
 crafted iso9660 iso file, related to
 archive_read_format_iso9660_read_header. (bsc#1059139)

CVE-2017-14502: read_header in archive_read_support_format_rar.c
 suffered from an off-by-one error for UTF-16 names in RAR archives,
 leading to an out-of-bounds read in archive_read_format_rar_read_header.
 (bsc#1059134)

CVE-2017-14503: libarchive suffered from an out-of-bounds read within
 lha_read_data_none() in archive_read_support_format_lha.c when
 extracting a specially crafted lha archive, related to lha_crc16.
 (bsc#1059100)");

  script_tag(name:"affected", value:"'libarchive' package(s) on SUSE Linux Enterprise Desktop 12-SP4, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES12.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"libarchive-debugsource", rpm:"libarchive-debugsource~3.1.2~26.3.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libarchive13", rpm:"libarchive13~3.1.2~26.3.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libarchive13-debuginfo", rpm:"libarchive13-debuginfo~3.1.2~26.3.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

nessus 42
openvas 27
suse 2
cloudfoundry 2
ubuntu 2
fedora 4
ibm 7
gentoo 2
osv 12
debian 4
mageia 4
veracode 6
ubuntucve 7
debiancve 7
alpinelinux 4
redhatcve 7
cve 8
prion 8
rocky 1
f5 1
redhat 14
oraclelinux 2
amazon 2
centos 1
nessus
nessus
SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-2)
2018-12-10 00:00:00
openSUSE Security Update : libarchive (openSUSE-2018-1366)
2018-11-10 00:00:00
SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-1)
2018-11-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:3640-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for libarchive (openSUSE-SU-2018:3717-1)
2018-11-10 00:00:00
Fedora Update for libarchive FEDORA-2018-20c24949c0
2018-12-04 00:00:00
suse
suse
Security update for libarchive (moderate)
2018-11-10 00:29:34
Security update for libarchive (moderate)
2018-11-10 00:08:28
cloudfoundry
cloudfoundry
USN-3736-1: libarchive vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3859-1: libarchive vulnerabilities | Cloud Foundry
2019-01-24 00:00:00
ubuntu
ubuntu
libarchive vulnerabilities
2018-08-13 00:00:00
libarchive vulnerabilities
2019-01-15 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: libarchive-3.3.3-1.fc29
2018-10-31 16:42:22
[SECURITY] Fedora 28 Update: libarchive-3.3.3-1.fc28
2018-11-21 03:13:00
[SECURITY] Fedora 25 Update: libarchive-3.2.2-2.fc25
2017-04-22 09:24:56
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503)
2019-03-29 08:10:01
Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2016-8688, CVE-2016-8689, CVE-2017-5601, CVE-2016-10209, CVE-2016-10350, CVE-2016-10349)
2018-08-22 13:38:10
Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service due to libarchive [CVE-2017-14166]
2023-03-28 10:20:14
gentoo
gentoo
libarchive: Multiple vulnerabilities
2019-08-15 00:00:00
libarchive: Multiple vulnerabilities
2017-10-18 00:00:00
osv
osv
libarchive - security update
2018-12-27 00:00:00
libarchive - security update
2018-11-29 00:00:00
libarchive - security update
2017-06-30 00:00:00
debian
debian
[SECURITY] [DSA 4360-1] libarchive security update
2018-12-27 16:40:40
[SECURITY] [DLA 1006-1] libarchive security update
2017-06-30 09:53:29
[SECURITY] [DLA 1600-1] libarchive security update
2018-11-29 22:33:17
mageia
mageia
Updated libarchive packages fix security vulnerabilities
2017-05-07 23:20:23
Updated libarchive packages fix security vulnerabilities
2018-09-01 00:11:59
Updated libarchive packages fix security vulnerability
2017-09-10 15:36:09
veracode
veracode
Denial Of Service (DoS) Through Heap Buffer Overflow
2018-04-18 07:13:15
Heap-based Buffer Overflow
2018-11-23 06:31:49
Out-of-bounds Read
2018-11-23 06:58:38
ubuntucve
ubuntucve
CVE-2017-14501
2017-09-17 00:00:00
CVE-2016-10209
2017-04-03 00:00:00
CVE-2017-14502
2017-09-17 00:00:00
debiancve
debiancve
CVE-2017-14501
2017-09-17 18:29:00
CVE-2017-14166
2017-09-06 18:29:00
CVE-2017-14503
2017-09-17 18:29:00
alpinelinux
alpinelinux
CVE-2017-14501
2017-09-17 18:29:00
CVE-2017-14166
2017-09-06 18:29:00
CVE-2017-14503
2017-09-17 18:29:00
redhatcve
redhatcve
CVE-2017-14166
2017-09-08 14:00:19
CVE-2017-14502
2017-09-22 10:24:05
CVE-2017-14501
2017-09-22 10:24:32
cve
cve
CVE-2017-14166
2017-09-06 18:29:00
CVE-2017-14501
2017-09-17 18:29:00
CVE-2017-14503
2017-09-17 18:29:00
prion
prion
Design/Logic Flaw
2017-09-17 18:29:00
Design/Logic Flaw
2017-09-17 18:29:00
Null pointer dereference
2017-04-03 05:59:00
rocky
rocky
libarchive bug fix and enhancement update
2021-05-18 05:34:11
f5
f5
K18252740 : libarchive vulnerability CVE-2017-14503
2020-12-11 00:00:00
redhat
redhat
(RHSA-2019:3698) Moderate: libarchive security and bug fix update
2019-11-05 20:51:51
(RHSA-2019:2298) Moderate: libarchive security update
2019-08-06 08:22:47
(RHSA-2021:2705) Moderate: Release of OpenShift Serverless 1.16.0
2021-07-13 16:31:04
oraclelinux
oraclelinux
libarchive security update
2019-08-13 00:00:00
libarchive security and bug fix update
2019-11-14 00:00:00
amazon
amazon
Medium: libarchive
2019-10-21 18:01:00
Medium: libarchive
2019-10-08 21:22:00
centos
centos
bsdcpio, bsdtar, libarchive security update
2019-08-30 03:11:04

6.9 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.0%

JSON
Related for OPENVAS:13614125623114201836402
nessus42openvas27suse2cloudfoundry2ubuntu2fedora4ibm7gentoo2osv12debian4mageia4veracode6ubuntucve7debiancve7alpinelinux4redhatcve7cve8prion8rocky1f51redhat14oraclelinux2amazon2centos1