Test ID:	1.3.6.1.4.1.25623.1.1.10.2019.0030
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2019-0030)
Summary:	The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2019-0030 advisory.
Description:	Summary: The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2019-0030 advisory. Vulnerability Insight: read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header (CVE-2017-14502). Multiple security issues were found in libarchive: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879, CVE-2018-1000880). Affected Software/OS: 'libarchive' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14502 Debian Security Information: DSA-4360 (Google Search) https://www.debian.org/security/2018/dsa-4360 https://security.gentoo.org/glsa/201908-11 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573 https://bugs.debian.org/875974 https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6 https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html https://usn.ubuntu.com/3859-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-1000877 BugTraq ID: 106324 http://www.securityfocus.com/bid/106324 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/ https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31 https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html RedHat Security Advisories: RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:2298 RedHat Security Advisories: RHSA-2019:3698 https://access.redhat.com/errata/RHSA-2019:3698 SuSE Security Announcement: openSUSE-SU-2019:1196 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html SuSE Security Announcement: openSUSE-SU-2019:2615 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2632 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2018-1000878 https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Common Vulnerability Exposure (CVE) ID: CVE-2018-1000879 https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 Common Vulnerability Exposure (CVE) ID: CVE-2018-1000880 https://github.com/libarchive/libarchive/pull/1105/commits/9c84b7426660c09c18cc349f6d70b5f8168b5680
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.