CVE-2019-12900 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, low complexity, bzip, debian, opensuse, canonical, freebsd, python, CWE-787, critical, nessus

Summary

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-5C2DC50262.NASL
    description: ClamAV 0.101.4 is a security patch release that addresses the following issues. - An out of bounds write was possible within ClamAV
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128132
    published: 2019-08-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128132
    title: Fedora 30 : clamav (2019-5c2dc50262)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-5c2dc50262.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128132);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2019-12625", "CVE-2019-12900");
      script_xref(name:"FEDORA", value:"2019-5c2dc50262");
    
      script_name(english:"Fedora 30 : clamav (2019-5c2dc50262)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ClamAV 0.101.4 is a security patch release that addresses the
    following issues.
    
      - An out of bounds write was possible within ClamAV's NSIS
        bzip2 library when attempting decompression in cases
        where the number of selectors exceeded the max limit set
        by the library (CVE-2019-12900). The issue has been
        resolved by respecting that limit.
    
        Thanks to Martin Simmons for reporting the issue here.
    
      - The zip bomb vulnerability mitigated in 0.101.3 has been
        assigned the CVE identifier CVE-2019-12625.
        Unfortunately, a workaround for the zip-bomb mitigation
        was immediately identified. To remediate the zip-bomb
        scan time issue, a scan time limit has been introduced
        in 0.101.4. This limit now resolves ClamAV's
        vulnerability to CVE-2019-12625.
    
        The default scan time limit is 2 minutes (120000
        milliseconds).
    
        To customize the time limit :
    
      - use the clamscan --max-scantime option
    
      - use the clamd MaxScanTime config option
    
        Libclamav users may customize the time limit using the
        cl_engine_set_num function. For example :
    
        C cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME,
        time_limit_milliseconds)
    
        Thanks to David Fifield for reviewing the zip-bomb
        mitigation in 0.101.3 and reporting the issue.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5c2dc50262"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected clamav package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"clamav-0.101.4-1.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3066-1.NASL
    description: This update for clamav fixes the following issues : Security issue fixed : CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131385
    published: 2019-11-27
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131385
    title: SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3066-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3066-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131385);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2019-12625", "CVE-2019-12900");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3066-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for clamav fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and
    heuristics for zips with overlapping files (bsc#1144504).
    
    CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many
    selectors (bsc#1149458).
    
    Non-security issues fixed: Added the --max-scantime clamscan option
    and MaxScanTime clamd configuration option (bsc#1144504).
    
    Increased the startup timeout of clamd to 5 minutes to cater for the
    grown virus database as a workaround until clamd has learned to talk
    to systemd to extend the timeout as long as needed (bsc#1151839).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144504"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12625/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12900/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193066-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f4aae87b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-3066=1
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-3066=1
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-3066=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-3066=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-3066=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-3066=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-3066=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-3066=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-3066=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-3066=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-3066=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-3066=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-3066=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-3066=1
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-3066=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2013-1.NASL
    description: This update for bzip2 fixes the following issues : Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127753
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127753
    title: SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:2013-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2013-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127753);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-12900");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:2013-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for bzip2 fixes the following issues :
    
    Fixed a regression with the fix for CVE-2019-12900, which caused
    incompatibilities with files that used many selectors (bsc#1139083).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12900/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192013-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?019ff865"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-2013=1
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-2013=1
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-2013=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t
    patch SUSE-SLE-SDK-12-SP5-2019-2013=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-2013=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-2013=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-2013=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-2013=1
    
    SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
    SUSE-SLE-SERVER-12-SP5-2019-2013=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-2013=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-2013=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-2013=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-2013=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-2013=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-2013=1
    
    SUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP5-2019-2013=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-2013=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-2013=1
    
    SUSE Enterprise Storage 4:zypper in -t patch
    SUSE-Storage-4-2019-2013=1
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-2013=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bzip2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bzip2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbz2-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbz2-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4/5", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4/5", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3053-1.NASL
    description: This update for clamav fixes the following issues : Security issue fixed : CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131305
    published: 2019-11-26
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131305
    title: SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3053-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3053-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131305);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2019-12625", "CVE-2019-12900");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3053-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for clamav fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and
    heuristics for zips with overlapping files (bsc#1144504).
    
    CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many
    selectors (bsc#1149458).
    
    Non-security issues fixed: Added the --max-scantime clamscan option
    and MaxScanTime clamd configuration option (bsc#1144504).
    
    Increased the startup timeout of clamd to 5 minutes to cater for the
    grown virus database as a workaround until clamd has learned to talk
    to systemd to extend the timeout as long as needed (bsc#1151839).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144504"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12625/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12900/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193053-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?eda89089"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-SP1-2019-3053=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-3053=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclamav7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclamav7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclammspack0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclammspack0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-devel-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libclamav7-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libclammspack0-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-devel-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libclamav7-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libclammspack0-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-devel-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libclamav7-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libclammspack0-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-devel-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libclamav7-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libclammspack0-0.100.3-3.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1782.NASL
    description: According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-03
    modified: 2019-07-25
    plugin id: 127019
    published: 2019-07-25
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127019
    title: EulerOS 2.0 SP8 : bzip2 (EulerOS-SA-2019-1782)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127019);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-12900"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : bzip2 (EulerOS-SA-2019-1782)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the bzip2 packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability :
    
      - BZ2_decompress in decompress.c in bzip2 through 1.0.6
        has an out-of-bounds write when there are many
        selectors.(CVE-2019-12900)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1782
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ecf57ac");
      script_set_attribute(attribute:"solution", value:
    "Update the affected bzip2 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["bzip2-1.0.6-29.eulerosv2r8",
            "bzip2-devel-1.0.6-29.eulerosv2r8",
            "bzip2-libs-1.0.6-29.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-2_0-0168_BZIP2.NASL
    description: An update of the bzip2 package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128174
    published: 2019-08-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128174
    title: Photon OS 2.0: Bzip2 PHSA-2019-2.0-0168
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0168. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128174);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2019-12900");
    
      script_name(english:"Photon OS 2.0: Bzip2 PHSA-2019-2.0-0168");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the bzip2 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-168.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12900");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bzip2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-1.0.6-9.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-debuginfo-1.0.6-9.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-devel-1.0.6-9.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-libs-1.0.6-9.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1837.NASL
    description: According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-09-17
    plugin id: 128889
    published: 2019-09-17
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128889
    title: EulerOS 2.0 SP2 : bzip2 (EulerOS-SA-2019-1837)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128889);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-12900"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : bzip2 (EulerOS-SA-2019-1837)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the bzip2 packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability :
    
      - BZ2_decompress in decompress.c in bzip2 through 1.0.6
        has an out-of-bounds write when there are many
        selectors.(CVE-2019-12900)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1837
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d38f3f9");
      script_set_attribute(attribute:"solution", value:
    "Update the affected bzip2 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["bzip2-1.0.6-13.h3",
            "bzip2-devel-1.0.6-13.h3",
            "bzip2-libs-1.0.6-13.h3"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-AABCB53EC6.NASL
    description: ClamAV 0.101.4 is a security patch release that addresses the following issues. - An out of bounds write was possible within ClamAV
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128437
    published: 2019-09-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128437
    title: Fedora 29 : clamav (2019-aabcb53ec6)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-aabcb53ec6.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128437);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2019-12625", "CVE-2019-12900");
      script_xref(name:"FEDORA", value:"2019-aabcb53ec6");
    
      script_name(english:"Fedora 29 : clamav (2019-aabcb53ec6)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ClamAV 0.101.4 is a security patch release that addresses the
    following issues.
    
      - An out of bounds write was possible within ClamAV's NSIS
        bzip2 library when attempting decompression in cases
        where the number of selectors exceeded the max limit set
        by the library (CVE-2019-12900). The issue has been
        resolved by respecting that limit.
    
        Thanks to Martin Simmons for reporting the issue here.
    
      - The zip bomb vulnerability mitigated in 0.101.3 has been
        assigned the CVE identifier CVE-2019-12625.
        Unfortunately, a workaround for the zip-bomb mitigation
        was immediately identified. To remediate the zip-bomb
        scan time issue, a scan time limit has been introduced
        in 0.101.4. This limit now resolves ClamAV's
        vulnerability to CVE-2019-12625.
    
        The default scan time limit is 2 minutes (120000
        milliseconds).
    
        To customize the time limit :
    
      - use the clamscan --max-scantime option
    
      - use the clamd MaxScanTime config option
    
        Libclamav users may customize the time limit using the
        cl_engine_set_num function. For example :
    
        C cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME,
        time_limit_milliseconds)
    
        Thanks to David Fifield for reviewing the zip-bomb
        mitigation in 0.101.3 and reporting the issue.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-aabcb53ec6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected clamav package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"clamav-0.101.4-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4146-1.NASL
    description: It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129556
    published: 2019-10-03
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129556
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : clamav vulnerabilities (USN-4146-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2597.NASL
    description: This update for clamav fixes the following issues : Security issue fixed : - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed : - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131540
    published: 2019-12-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131540
    title: openSUSE Security Update : clamav (openSUSE-2019-2597)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1918.NASL
    description: This update for bzip2 fixes the following issues : - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128010
    published: 2019-08-20
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128010
    title: openSUSE Security Update : bzip2 (openSUSE-2019-1918)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0242_BZIP2.NASL
    description: An update of the bzip2 package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126471
    published: 2019-07-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126471
    title: Photon OS 1.0: Bzip2 PHSA-2019-1.0-0242
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4038-1.NASL
    description: Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126305
    published: 2019-06-27
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126305
    title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : bzip2 vulnerabilities (USN-4038-1)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2019-195-01.NASL
    description: New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126685
    published: 2019-07-15
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126685
    title: Slackware 14.0 / 14.1 / 14.2 / current : bzip2 (SSA:2019-195-01)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1920.NASL
    description: According to the version of the bzip2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. (CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128925
    published: 2019-09-17
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128925
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : bzip2 (EulerOS-SA-2019-1920)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0242_BINUTILS.NASL
    description: An update of the binutils package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126470
    published: 2019-07-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126470
    title: Photon OS 1.0: Binutils PHSA-2019-1.0-0242
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1757.NASL
    description: According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. (CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-07-23
    plugin id: 126933
    published: 2019-07-23
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126933
    title: EulerOS 2.0 SP5 : bzip2 (EulerOS-SA-2019-1757)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_4B6CB45D881E447AA4E0C97A954EA758.NASL
    description: bzip2 developers reports : CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko) CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126364
    published: 2019-07-01
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126364
    title: FreeBSD : bzip2 -- multiple issues (4b6cb45d-881e-447a-a4e0-c97a954ea758)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1953.NASL
    description: The update of clamav released as DLA 1953-1 led to permission issues on /var/run/clamav. This caused several users to experience issues restarting the clamav daemon. This regression is caused by a mistakenly backported patch from the stretch package, upon which this update was based. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129799
    published: 2019-10-11
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129799
    title: Debian DLA-1953-2 : clamav regression update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1781.NASL
    description: This update for bzip2 fixes the following issues : Security issue fixed : - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126911
    published: 2019-07-22
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126911
    title: openSUSE Security Update : bzip2 (openSUSE-2019-1781)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1833.NASL
    description: The original fix for CVE-2019-12900 in bzip2, a high-quality block-sorting file compressor, introduces regressions when extracting certain lbzip2 files which were created with a buggy libzip2. Please see https://bugs.debian.org/931278 for more information. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126221
    published: 2019-06-25
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126221
    title: Debian DLA-1833-2 : bzip2 regression update
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_DBD1F627C43B11E9A9239C5C8E75236A.NASL
    description: Micah Snyder reports : - An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit. - The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128137
    published: 2019-08-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128137
    title: FreeBSD : clamav -- multiple vulnerabilities (dbd1f627-c43b-11e9-a923-9c5c8e75236a)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2004-1.NASL
    description: This update for bzip2 fixes the following issues : Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127747
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127747
    title: SUSE SLED15 / SLES15 Security Update : bzip2 (SUSE-SU-2019:2004-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1846-1.NASL
    description: This update for bzip2 fixes the following issues : Security issue fixed : CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126737
    published: 2019-07-16
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126737
    title: SUSE SLED15 / SLES15 Security Update : bzip2 (SUSE-SU-2019:1846-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2057.NASL
    description: According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. (CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-09-24
    plugin id: 129250
    published: 2019-09-24
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129250
    title: EulerOS 2.0 SP3 : bzip2 (EulerOS-SA-2019-2057)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2595.NASL
    description: This update for clamav fixes the following issues : Security issue fixed : - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed : - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131538
    published: 2019-12-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131538
    title: openSUSE Security Update : clamav (openSUSE-2019-2595)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1955-1.NASL
    description: This update for bzip2 fixes the following issues : Security issue fixed : CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126985
    published: 2019-07-24
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126985
    title: SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:1955-1)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0242_KUBERNETES.NASL
    description: An update of the kubernetes package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126472
    published: 2019-07-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126472
    title: Photon OS 1.0: Kubernetes PHSA-2019-1.0-0242

References