CVE-2019-12900 - Out-of-bounds Write vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-5C2DC50262.NASL
description: ClamAV 0.101.4 is a security patch release that addresses the following issues. - An out of bounds write was possible within ClamAV
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 128132
published: 2019-08-26
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/128132
title: Fedora 30 : clamav (2019-5c2dc50262)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory FEDORA-2019-5c2dc50262.
    #

    include("compat.inc");

    if (description)
    {
      script_id(128132);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/02");

      script_cve_id("CVE-2019-12625", "CVE-2019-12900");
      script_xref(name:"FEDORA", value:"2019-5c2dc50262");

      script_name(english:"Fedora 30 : clamav (2019-5c2dc50262)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "ClamAV 0.101.4 is a security patch release that addresses the following issues.
    - An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit. Thanks to Martin Simmons for reporting the issue here.
    - The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV's vulnerability to CVE-2019-12625. The default scan time limit is 2 minutes (120000 milliseconds).
    To customize the time limit :
    - use the clamscan --max-scantime option
    - use the clamd MaxScanTime config option
    Libclamav users may customize the time limit using the cl_engine_set_num function. For example :
    C cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds)
    Thanks to David Fifield for reviewing the zip-bomb mitigation in 0.101.3 and reporting the issue.
    Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5c2dc50262"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected clamav package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");

      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC30", reference:"clamav-0.101.4-1.fc30")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_HOLE,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-3066-1.NASL
description: This update for clamav fixes the following issues : Security issue fixed : CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 131385
published: 2019-11-27
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131385
title: SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3066-1)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3066-1.
    # The text itself is copyright (C) SUSE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(131385);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");

      script_cve_id("CVE-2019-12625", "CVE-2019-12900");

      script_name(english:"SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3066-1)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for clamav fixes the following issues :
    Security issue fixed :
    CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504).
    CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458).
    Non-security issues fixed:
    Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504).
    Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839).
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144504"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12625/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12900/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193066-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f4aae87b"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.
    Alternatively you can run the command listed for your product :
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-3066=1
    SUSE OpenStack Cloud 8:zypper in -t patch SUSE-OpenStack-Cloud-8-2019-3066=1
    SUSE OpenStack Cloud 7:zypper in -t patch SUSE-OpenStack-Cloud-7-2019-3066=1
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-3066=1
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-3066=1
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-3066=1
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-3066=1
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-3066=1
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-3066=1
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-3066=1
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-3066=1
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-3066=1
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-3066=1
    SUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2019-3066=1
    HPE Helion Openstack 8:zypper in -t patch HPE-Helion-OpenStack-8-2019-3066=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);

    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"clamav-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"clamav-debuginfo-0.100.3-33.26.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"clamav-debugsource-0.100.3-33.26.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-2013-1.NASL
description: This update for bzip2 fixes the following issues : Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127753
published: 2019-08-12
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127753
title: SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:2013-1)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2013-1.
    # The text itself is copyright (C) SUSE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(127753);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");

      script_cve_id("CVE-2019-12900");

      script_name(english:"SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:2013-1)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for bzip2 fixes the following issues :
    Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083).
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12900/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192013-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?019ff865"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.
    Alternatively you can run the command listed for your product :
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2013=1
    SUSE OpenStack Cloud 8:zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2013=1
    SUSE OpenStack Cloud 7:zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2013=1
    SUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2013=1
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2013=1
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2013=1
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2013=1
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2013=1
    SUSE Linux Enterprise Server 12-SP5:zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2013=1
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2013=1
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2013=1
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2013=1
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2013=1
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2013=1
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2013=1
    SUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2013=1
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2013=1
    SUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2019-2013=1
    SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-2013=1
    SUSE CaaS Platform 3.0 :
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
    HPE Helion Openstack 8:zypper in -t patch HPE-Helion-OpenStack-8-2019-2013=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bzip2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bzip2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbz2-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbz2-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4/5", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4/5", os_ver + " SP" + sp);

    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"bzip2-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"bzip2-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"bzip2-debugsource-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-debuginfo-1.0.6-30.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libbz2-1-debuginfo-32bit-1.0.6-30.8.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-3053-1.NASL
description: This update for clamav fixes the following issues : Security issue fixed : CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 131305
published: 2019-11-26
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131305
title: SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3053-1)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3053-1.
    # The text itself is copyright (C) SUSE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(131305);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");

      script_cve_id("CVE-2019-12625", "CVE-2019-12900");

      script_name(english:"SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3053-1)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for clamav fixes the following issues :
    Security issue fixed :
    CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504).
    CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458).
    Non-security issues fixed:
    Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504).
    Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839).
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144504"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12625/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12900/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193053-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?eda89089"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.
    Alternatively you can run the command listed for your product :
    SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-3053=1
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-3053=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclamav7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclamav7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclammspack0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclammspack0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (!
preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"clamav-devel-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libclamav7-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libclammspack0-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-devel-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libclamav7-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libclammspack0-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"clamav-devel-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", 
reference:"libclamav7-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libclammspack0-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-debugsource-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-devel-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libclamav7-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libclamav7-debuginfo-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libclammspack0-0.100.3-3.14.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libclammspack0-debuginfo-0.100.3-3.14.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav"); }
NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1782.NASL
description According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-03
modified 2019-07-25
plugin id 127019
published 2019-07-25
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127019
title EulerOS 2.0 SP8 : bzip2 (EulerOS-SA-2019-1782)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(127019);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");

  script_cve_id(
    "CVE-2019-12900"
  );

  script_name(english:"EulerOS 2.0 SP8 : bzip2 (EulerOS-SA-2019-1782)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value: "According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1782
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ecf57ac");
  script_set_attribute(attribute:"solution", value: "Update the affected bzip2 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["bzip2-1.0.6-29.eulerosv2r8",
        "bzip2-devel-1.0.6-29.eulerosv2r8",
        "bzip2-libs-1.0.6-29.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
}

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2019-2_0-0168_BZIP2.NASL
description An update of the bzip2 package has been released.
last seen 2020-06-01
modified 2020-06-02
plugin id 128174
published 2019-08-26
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128174
title Photon OS 2.0: Bzip2 PHSA-2019-2.0-0168
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-2.0-0168. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

if (description)
{
  script_id(128174);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/02");

  script_cve_id("CVE-2019-12900");

  script_name(english:"Photon OS 2.0: Bzip2 PHSA-2019-2.0-0168");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value: "An update of the bzip2 package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-168.md");
  script_set_attribute(attribute:"solution", value: "Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12900");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bzip2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-1.0.6-9.ph2")) flag++;
if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-debuginfo-1.0.6-9.ph2")) flag++;
if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-devel-1.0.6-9.ph2")) flag++;
if (rpm_check(release:"PhotonOS-2.0", reference:"bzip2-libs-1.0.6-9.ph2")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
}

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1837.NASL
description According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-06
modified 2019-09-17
plugin id 128889
published 2019-09-17
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128889
title EulerOS 2.0 SP2 : bzip2 (EulerOS-SA-2019-1837)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(128889);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");

  script_cve_id(
    "CVE-2019-12900"
  );

  script_name(english:"EulerOS 2.0 SP2 : bzip2 (EulerOS-SA-2019-1837)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value: "According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1837
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d38f3f9");
  script_set_attribute(attribute:"solution", value: "Update the affected bzip2 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bzip2-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["bzip2-1.0.6-13.h3",
        "bzip2-devel-1.0.6-13.h3",
        "bzip2-libs-1.0.6-13.h3"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2");
}

NASL family Fedora Local Security Checks
NASL id FEDORA_2019-AABCB53EC6.NASL
description ClamAV 0.101.4 is a security patch release that addresses the following issues. - An out of bounds write was possible within ClamAV
last seen 2020-06-01
modified 2020-06-02
plugin id 128437
published 2019-09-03
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128437
title Fedora 29 : clamav (2019-aabcb53ec6)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-aabcb53ec6.
#

include("compat.inc");

if (description)
{
  script_id(128437);
  script_version("1.3");
  script_cvs_date("Date: 2019/12/31");

  script_cve_id("CVE-2019-12625", "CVE-2019-12900");
  script_xref(name:"FEDORA", value:"2019-aabcb53ec6");

  script_name(english:"Fedora 29 : clamav (2019-aabcb53ec6)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "ClamAV 0.101.4 is a security patch release that addresses the following issues. - An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit. Thanks to Martin Simmons for reporting the issue here. - The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV's vulnerability to CVE-2019-12625. The default scan time limit is 2 minutes (120000 milliseconds). To customize the time limit : - use the clamscan --max-scantime option - use the clamd MaxScanTime config option Libclamav users may customize the time limit using the cl_engine_set_num function. For example : C cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds) Thanks to David Fifield for reviewing the zip-bomb mitigation in 0.101.3 and reporting the issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-aabcb53ec6"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected clamav package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC29", reference:"clamav-0.101.4-1.fc29")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
}

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-4146-1.NASL
description It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 129556
published 2019-10-03
reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/129556
title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : clamav vulnerabilities (USN-4146-1)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2019-2597.NASL
description This update for clamav fixes the following issues : Security issue fixed : - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed : - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). This update was imported from the SUSE:SLE-15:Update update project.
last seen 2020-06-01
modified 2020-06-02
plugin id 131540
published 2019-12-03
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/131540
title openSUSE Security Update : clamav (openSUSE-2019-2597)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2019-1918.NASL
description This update for bzip2 fixes the following issues : - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). This update was imported from the SUSE:SLE-15:Update update project.
last seen 2020-06-01
modified 2020-06-02
plugin id 128010
published 2019-08-20
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128010
title openSUSE Security Update : bzip2 (openSUSE-2019-1918)

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2019-1_0-0242_BZIP2.NASL
description An update of the bzip2 package has been released.
last seen 2020-06-01
modified 2020-06-02
plugin id 126471
published 2019-07-04
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126471
title Photon OS 1.0: Bzip2 PHSA-2019-1.0-0242

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-4038-1.NASL
description Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 126305
published 2019-06-27
reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126305
title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : bzip2 vulnerabilities (USN-4038-1)

NASL family Slackware Local Security Checks
NASL id SLACKWARE_SSA_2019-195-01.NASL
description New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 126685
published 2019-07-15
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126685
title Slackware 14.0 / 14.1 / 14.2 / current : bzip2 (SSA:2019-195-01)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1920.NASL
description According to the version of the bzip2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 128925
published 2019-09-17
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128925
title EulerOS Virtualization for ARM 64 3.0.2.0 : bzip2 (EulerOS-SA-2019-1920)

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2019-1_0-0242_BINUTILS.NASL
description An update of the binutils package has been released.
last seen 2020-06-01
modified 2020-06-02
plugin id 126470
published 2019-07-04
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126470
title Photon OS 1.0: Binutils PHSA-2019-1.0-0242

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1757.NASL
description According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-06
modified 2019-07-23
plugin id 126933
published 2019-07-23
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126933
title EulerOS 2.0 SP5 : bzip2 (EulerOS-SA-2019-1757)

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_4B6CB45D881E447AA4E0C97A954EA758.NASL
description bzip2 developers reports : CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko) CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive.
last seen 2020-06-01
modified 2020-06-02
plugin id 126364
published 2019-07-01
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126364
title FreeBSD : bzip2 -- multiple issues (4b6cb45d-881e-447a-a4e0-c97a954ea758)

NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-1953.NASL
description The update of clamav released as DLA 1953-1 led to permission issues on /var/run/clamav. This caused several users to experience issues restarting the clamav daemon. This regression is caused by a mistakenly backported patch from the stretch package, upon which this update was based. For Debian 8
last seen 2020-06-01
modified 2020-06-02
plugin id 129799
published 2019-10-11
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/129799
title Debian DLA-1953-2 : clamav regression update

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2019-1781.NASL
description This update for bzip2 fixes the following issues : Security issue fixed : - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). This update was imported from the SUSE:SLE-15:Update update project.
last seen 2020-06-01
modified 2020-06-02
plugin id 126911
published 2019-07-22
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126911
title openSUSE Security Update : bzip2 (openSUSE-2019-1781)

NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-1833.NASL
description The original fix for CVE-2019-12900 in bzip2, a high-quality block-sorting file compressor, introduces regressions when extracting certain lbzip2 files which were created with a buggy libzip2. Please see https://bugs.debian.org/931278 for more information. For Debian 8
last seen 2020-06-01
modified 2020-06-02
plugin id 126221
published 2019-06-25
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126221
title Debian DLA-1833-2 : bzip2 regression update

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_DBD1F627C43B11E9A9239C5C8E75236A.NASL
description Micah Snyder reports : - An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit. - The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV
last seen 2020-06-01
modified 2020-06-02
plugin id 128137
published 2019-08-26
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128137
title FreeBSD : clamav -- multiple vulnerabilities (dbd1f627-c43b-11e9-a923-9c5c8e75236a)

NASL family SuSE Local Security Checks
NASL id SUSE_SU-2019-2004-1.NASL
description This update for bzip2 fixes the following issues : Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 127747
published 2019-08-12
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127747 title SUSE SLED15 / SLES15 Security Update : bzip2 (SUSE-SU-2019:2004-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1846-1.NASL description This update for bzip2 fixes the following issues : Security issue fixed : CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126737 published 2019-07-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126737 title SUSE SLED15 / SLES15 Security Update : bzip2 (SUSE-SU-2019:1846-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2057.NASL description According to the version of the bzip2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.(CVE-2019-12900) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129250 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/129250 title EulerOS 2.0 SP3 : bzip2 (EulerOS-SA-2019-2057) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2595.NASL description This update for clamav fixes the following issues : Security issue fixed : - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed : - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 131538 published 2019-12-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131538 title openSUSE Security Update : clamav (openSUSE-2019-2595) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1955-1.NASL description This update for bzip2 fixes the following issues : Security issue fixed : CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126985 published 2019-07-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/126985 title SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:1955-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0242_KUBERNETES.NASL description An update of the kubernetes package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126472 published 2019-07-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126472 title Photon OS 1.0: Kubernetes PHSA-2019-1.0-0242
References
- https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
- https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
- https://usn.ubuntu.com/4038-2/
- https://usn.ubuntu.com/4038-1/
- https://seclists.org/bugtraq/2019/Jul/22
- http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
- https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
- https://seclists.org/bugtraq/2019/Aug/4
- http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
- https://usn.ubuntu.com/4146-1/
- https://usn.ubuntu.com/4146-2/
- https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
- https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
- https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS
- https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
- https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E