Vulnerabilities > CVE-2019-1000019 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-C595A93536.NASL
    descriptionSecurity fix for [CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880] ---- Applied various flaws from upsteam Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123766
    published2019-04-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123766
    titleFedora 28 : libarchive (2019-c595a93536)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-c595a93536.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123766);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/23");
    
      script_cve_id("CVE-2018-1000877", "CVE-2018-1000878", "CVE-2018-1000879", "CVE-2018-1000880", "CVE-2019-1000019", "CVE-2019-1000020");
      script_xref(name:"FEDORA", value:"2019-c595a93536");
    
      script_name(english:"Fedora 28 : libarchive (2019-c595a93536)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for [CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879
    CVE-2018-1000880]
    
    ----
    
    Applied various flaws from upsteam
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c595a93536"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libarchive package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libarchive");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"libarchive-3.3.3-6.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libarchive");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2632.NASL
    descriptionThis update for libarchive fixes the following issues : Security issues fixed : - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). - CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131692
    published2019-12-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131692
    titleopenSUSE Security Update : libarchive (openSUSE-2019-2632)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-2632.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131692);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2018-1000877", "CVE-2018-1000878", "CVE-2019-1000019", "CVE-2019-1000020", "CVE-2019-18408");
    
      script_name(english:"openSUSE Security Update : libarchive (openSUSE-2019-2632)");
      script_summary(english:"Check for the openSUSE-2019-2632 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libarchive fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2018-1000877: Fixed a double free vulnerability in
        RAR decoder (bsc#1120653).
    
      - CVE-2018-1000878: Fixed a Use-After-Free vulnerability
        in RAR decoder (bsc#1120654).
    
      - CVE-2019-1000019: Fixed an Out-Of-Bounds Read
        vulnerability in 7zip decompression (bsc#1124341).
    
      - CVE-2019-1000020: Fixed an Infinite Loop vulnerability
        in ISO9660 parser (bsc#1124342).
    
      - CVE-2019-18408: Fixed a use-after-free in RAR format
        support (bsc#1155079).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124341"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1155079"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libarchive packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"bsdtar-3.3.2-lp151.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"bsdtar-debuginfo-3.3.2-lp151.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libarchive-debugsource-3.3.2-lp151.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libarchive-devel-3.3.2-lp151.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libarchive13-3.3.2-lp151.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libarchive13-debuginfo-3.3.2-lp151.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libarchive13-32bit-3.3.2-lp151.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libarchive13-32bit-debuginfo-3.3.2-lp151.5.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsdtar / bsdtar-debuginfo / libarchive-debugsource / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2014.NASL
    descriptionAccording to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601) - read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502) - The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689) - Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687) - OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.(CVE-2018-1000020) - OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.(CVE-2018-1000019) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129207
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129207
    titleEulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2014)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129207);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2016-8687",
        "CVE-2016-8689",
        "CVE-2017-14502",
        "CVE-2017-5601",
        "CVE-2019-1000019",
        "CVE-2019-1000020"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2014)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libarchive package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - An error in the lha_read_file_header_1() function
        (archive_read_support_format_lha.c) in libarchive 3.2.2
        allows remote attackers to trigger an out-of-bounds
        read memory access and subsequently cause a crash via a
        specially crafted archive.(CVE-2017-5601)
    
      - read_header in archive_read_support_format_rar.c in
        libarchive 3.3.2 suffers from an off-by-one error for
        UTF-16 names in RAR archives, leading to an
        out-of-bounds read in
        archive_read_format_rar_read_header.(CVE-2017-14502)
    
      - The read_Header function in
        archive_read_support_format_7zip.c in libarchive 3.2.1
        allows remote attackers to cause a denial of service
        (out-of-bounds read) via multiple EmptyStream
        attributes in a header in a 7zip
        archive.(CVE-2016-8689)
    
      - Stack-based buffer overflow in the safe_fprintf
        function in tar/util.c in libarchive 3.2.1 allows
        remote attackers to cause a denial of service via a
        crafted non-printable multibyte character in a
        filename.(CVE-2016-8687)
    
      - OpenEMR version 5.0.0 contains a Cross Site Scripting
        (XSS) vulnerability in open-flash-chart.swf and
        _posteddata.php that can result in . This vulnerability
        appears to have been fixed in 5.0.0 Patch 2 or
        higher.(CVE-2018-1000020)
    
      - OpenEMR version 5.0.0 contains a OS Command Injection
        vulnerability in fax_dispatch.php that can result in OS
        command injection by an authenticated attacker with any
        role. This vulnerability appears to have been fixed in
        5.0.0 Patch 2 or higher.(CVE-2018-1000019)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2014
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3830d9c0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libarchive packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libarchive");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libarchive-3.1.2-10.h3"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libarchive");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_LIBARCHIVE_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877) - libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878) - libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019) - libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020) - libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503)
    last seen2020-03-18
    modified2019-08-27
    plugin id128228
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128228
    titleScientific Linux Security Update : libarchive on SL7.x x86_64 (20190806)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128228);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2017-14503", "CVE-2018-1000877", "CVE-2018-1000878", "CVE-2019-1000019", "CVE-2019-1000020");
    
      script_name(english:"Scientific Linux Security Update : libarchive on SL7.x x86_64 (20190806)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - libarchive: Double free in RAR decoder resulting in a
        denial of service (CVE-2018-1000877)
    
      - libarchive: Use after free in RAR decoder resulting in a
        denial of service (CVE-2018-1000878)
    
      - libarchive: Out of bounds read in
        archive_read_support_format_7zip.c resulting in a denial
        of service (CVE-2019-1000019)
    
      - libarchive: Infinite recursion in
        archive_read_support_format_iso9660.c resulting in
        denial of service (CVE-2019-1000020)
    
      - libarchive: Out-of-bounds read in lha_read_data_none
        (CVE-2017-14503)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=29325
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?55155110"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bsdcpio");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bsdtar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bsdcpio-3.1.2-12.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bsdtar-3.1.2-12.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libarchive-3.1.2-12.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libarchive-debuginfo-3.1.2-12.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libarchive-devel-3.1.2-12.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsdcpio / bsdtar / libarchive / libarchive-debuginfo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2615.NASL
    descriptionThis update for libarchive fixes the following issues : Security issues fixed : - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). - CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131685
    published2019-12-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131685
    titleopenSUSE Security Update : libarchive (openSUSE-2019-2615)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1714.NASL
    descriptionAccording to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (
    last seen2020-06-01
    modified2020-06-02
    plugin id126556
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126556
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2019-1714)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0227_LIBARCHIVE.NASL
    descriptionAn update of the libarchive package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id124863
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124863
    titlePhoton OS 1.0: Libarchive PHSA-2019-1.0-0227
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1725.NASL
    descriptionAccording to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.(CVE-2018-1000020) - OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.(CVE-2018-1000019) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-23
    plugin id126930
    published2019-07-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126930
    titleEulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-1725)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1681.NASL
    descriptionAccording to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.(CVE-2019-1000019) - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (
    last seen2020-06-01
    modified2020-06-02
    plugin id126929
    published2019-07-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126929
    titleEulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-1681)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0015_LIBARCHIVE.NASL
    descriptionAn update of the libarchive package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126114
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126114
    titlePhoton OS 3.0: Libarchive PHSA-2019-3.0-0015
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3093-1.NASL
    descriptionThis update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131554
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131554
    titleSUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:3093-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0248_LIBARCHIVE.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libarchive packages installed that are affected by multiple vulnerabilities: - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000877) - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000878) - libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of- bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. (CVE-2019-1000019) - libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (CVE-2017-14503) - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (
    last seen2020-06-01
    modified2020-06-02
    plugin id132509
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132509
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : libarchive Multiple Vulnerabilities (NS-SA-2019-0248)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-0233EC0FF3.NASL
    descriptionSecurity fix for [CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880] ---- Applied various flaws from upsteam Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123098
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123098
    titleFedora 29 : libarchive (2019-0233ec0ff3)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0201_LIBARCHIVE.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libarchive packages installed that are affected by multiple vulnerabilities: - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000877) - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000878) - libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of- bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. (CVE-2019-1000019) - libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (CVE-2017-14503) - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (
    last seen2020-06-01
    modified2020-06-02
    plugin id129902
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129902
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : libarchive Multiple Vulnerabilities (NS-SA-2019-0201)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1488.NASL
    descriptionAccording to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (
    last seen2020-04-30
    modified2020-04-16
    plugin id135650
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135650
    titleEulerOS Virtualization 3.0.2.2 : libarchive (EulerOS-SA-2020-1488)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1308.NASL
    descriptionlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503) libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415 Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.(CVE-2018-1000877) libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416 Use After Free vulnerability in RAR decoder, libarchive/archive_read_support_format_rar.c that can result in Crash/DoS, it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.(CVE-2018-1000878) libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125 Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.(CVE-2019-1000019) libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835 Loop with Unreachable Exit Condition (
    last seen2020-06-01
    modified2020-06-02
    plugin id129798
    published2019-10-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129798
    titleAmazon Linux AMI : libarchive (ALAS-2019-1308)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1325.NASL
    descriptionlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503) libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.(CVE-2018-1000877) libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.(CVE-2018-1000878) libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.(CVE-2019-1000019) libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (
    last seen2020-06-01
    modified2020-06-02
    plugin id130222
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130222
    titleAmazon Linux 2 : libarchive (ALAS-2019-1325)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0831-1.NASL
    descriptionThis update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) CVE-2018-1000879: Fixed a NULL pointer Dereference vulnerability in ACL parser (bsc#1120656) CVE-2018-1000880: Fixed an Improper Input Validation vulnerability in WARC parser (bsc#1120659) CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341) CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123636
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123636
    titleSUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:0831-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3884-1.NASL
    descriptionIt was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1000019, CVE-2019-1000020). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122054
    published2019-02-08
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122054
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : libarchive vulnerabilities (USN-3884-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2298.NASL
    descriptionAn update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877) * libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878) * libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019) * libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020) * libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127709
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127709
    titleRHEL 7 : libarchive (RHSA-2019:2298)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-FBE83D0E32.NASL
    descriptionSecurity fix for [CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880] ---- Applied various flaws from upsteam Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124557
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124557
    titleFedora 30 : libarchive (2019-fbe83d0e32)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3092-1.NASL
    descriptionThis update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131553
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131553
    titleSUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2019:3092-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3698.NASL
    descriptionAn update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877) * libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878) * libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019) * libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020) * libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130565
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130565
    titleRHEL 8 : libarchive (RHSA-2019:3698)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1668.NASL
    descriptionFuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) CVE-2019-1000020 Vulnerability in ISO9660 parser that can result in DoS by infinite loop (CWE-835) For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id122038
    published2019-02-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122038
    titleDebian DLA-1668-1 : libarchive security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1196.NASL
    descriptionThis update for libarchive fixes the following issues : Security issues fixed : - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) - CVE-2018-1000879: Fixed a NULL pointer Dereference vulnerability in ACL parser (bsc#1120656) - CVE-2018-1000880: Fixed an Improper Input Validation vulnerability in WARC parser (bsc#1120659) - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341) - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id124051
    published2019-04-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124051
    titleopenSUSE Security Update : libarchive (openSUSE-2019-1196)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2298.NASL
    descriptionAn update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877) * libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878) * libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019) * libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020) * libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128387
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128387
    titleCentOS 7 : libarchive (CESA-2019:2298)

Redhat

advisories
  • rhsa
    idRHSA-2019:2298
  • rhsa
    idRHSA-2019:3698
rpms
  • bsdcpio-0:3.1.2-12.el7
  • bsdtar-0:3.1.2-12.el7
  • libarchive-0:3.1.2-12.el7
  • libarchive-debuginfo-0:3.1.2-12.el7
  • libarchive-devel-0:3.1.2-12.el7
  • bsdcat-debuginfo-0:3.3.2-7.el8
  • bsdcpio-debuginfo-0:3.3.2-7.el8
  • bsdtar-0:3.3.2-7.el8
  • bsdtar-debuginfo-0:3.3.2-7.el8
  • libarchive-0:3.3.2-7.el8
  • libarchive-debuginfo-0:3.3.2-7.el8
  • libarchive-debugsource-0:3.3.2-7.el8
  • libarchive-devel-0:3.3.2-7.el8

References