Test ID:	1.3.6.1.4.1.25623.1.0.842832
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3033-1)
Summary:	The remote host is missing an update for the 'libarchive' package(s) announced via the USN-3033-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libarchive' package(s) announced via the USN-3033-1 advisory. Vulnerability Insight: Hanno Bock discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917 CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844) Marcin 'Icewall' Noga discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4300, CVE-2016-4302) It was discovered that libarchive incorrectly handled memory allocation with large cpio symlinks. A remote attacker could use this issue to possibly cause libarchive to crash, resulting in a denial of service. (CVE-2016-4809) Affected Software/OS: 'libarchive' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.10, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8916 BugTraq ID: 91296 http://www.securityfocus.com/bid/91296 Debian Security Information: DSA-3657 (Google Search) http://www.debian.org/security/2016/dsa-3657 https://security.gentoo.org/glsa/201701-03 https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 RedHat Security Advisories: RHSA-2016:1844 http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.ubuntu.com/usn/USN-3033-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8917 BugTraq ID: 91303 http://www.securityfocus.com/bid/91303 Common Vulnerability Exposure (CVE) ID: CVE-2015-8919 BugTraq ID: 91302 http://www.securityfocus.com/bid/91302 SuSE Security Announcement: SUSE-SU-2016:1909 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8920 BugTraq ID: 91301 http://www.securityfocus.com/bid/91301 RedHat Security Advisories: RHSA-2016:1850 http://rhn.redhat.com/errata/RHSA-2016-1850.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8921 BugTraq ID: 91307 http://www.securityfocus.com/bid/91307 Common Vulnerability Exposure (CVE) ID: CVE-2015-8922 BugTraq ID: 91312 http://www.securityfocus.com/bid/91312 Common Vulnerability Exposure (CVE) ID: CVE-2015-8923 BugTraq ID: 91309 http://www.securityfocus.com/bid/91309 Common Vulnerability Exposure (CVE) ID: CVE-2015-8924 BugTraq ID: 91308 http://www.securityfocus.com/bid/91308 Common Vulnerability Exposure (CVE) ID: CVE-2015-8925 BugTraq ID: 91306 http://www.securityfocus.com/bid/91306 Common Vulnerability Exposure (CVE) ID: CVE-2015-8926 BugTraq ID: 91304 http://www.securityfocus.com/bid/91304 Common Vulnerability Exposure (CVE) ID: CVE-2015-8928 BugTraq ID: 91337 http://www.securityfocus.com/bid/91337 Common Vulnerability Exposure (CVE) ID: CVE-2015-8930 BugTraq ID: 91339 http://www.securityfocus.com/bid/91339 Common Vulnerability Exposure (CVE) ID: CVE-2015-8931 BugTraq ID: 91338 http://www.securityfocus.com/bid/91338 https://security-tracker.debian.org/tracker/CVE-2015-8931 Common Vulnerability Exposure (CVE) ID: CVE-2015-8932 BugTraq ID: 91424 http://www.securityfocus.com/bid/91424 Common Vulnerability Exposure (CVE) ID: CVE-2015-8933 BugTraq ID: 91421 http://www.securityfocus.com/bid/91421 Common Vulnerability Exposure (CVE) ID: CVE-2015-8934 BugTraq ID: 91409 http://www.securityfocus.com/bid/91409 Common Vulnerability Exposure (CVE) ID: CVE-2016-4300 BugTraq ID: 91326 http://www.securityfocus.com/bid/91326 http://blog.talosintel.com/2016/06/the-poisoned-archives.html http://www.talosintel.com/reports/TALOS-2016-0152/ Common Vulnerability Exposure (CVE) ID: CVE-2016-4302 BugTraq ID: 91331 http://www.securityfocus.com/bid/91331 http://www.talosintel.com/reports/TALOS-2016-0154/ Common Vulnerability Exposure (CVE) ID: CVE-2016-4809 BugTraq ID: 91813 http://www.securityfocus.com/bid/91813 Common Vulnerability Exposure (CVE) ID: CVE-2016-5844 BugTraq ID: 91808 http://www.securityfocus.com/bid/91808 https://blog.fuzzing-project.org/48-Out-of-bounds-read-and-signed-integer-overflow-in-libarchive.html http://www.openwall.com/lists/oss-security/2016/06/23/6 http://www.openwall.com/lists/oss-security/2016/06/24/4 http://www.securitytracker.com/id/1036173
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.