Test ID:	1.3.6.1.4.1.25623.1.0.843871
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3859-1)
Summary:	The remote host is missing an update for the 'libarchive' package(s) announced via the USN-3859-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libarchive' package(s) announced via the USN-3859-1 advisory. Vulnerability Insight: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-14502) Affected Software/OS: 'libarchive' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14502 Debian Security Information: DSA-4360 (Google Search) https://www.debian.org/security/2018/dsa-4360 https://security.gentoo.org/glsa/201908-11 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573 https://bugs.debian.org/875974 https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6 https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html https://usn.ubuntu.com/3859-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-1000877 BugTraq ID: 106324 http://www.securityfocus.com/bid/106324 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/ https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31 https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html RedHat Security Advisories: RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:2298 RedHat Security Advisories: RHSA-2019:3698 https://access.redhat.com/errata/RHSA-2019:3698 SuSE Security Announcement: openSUSE-SU-2019:1196 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html SuSE Security Announcement: openSUSE-SU-2019:2615 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2632 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2018-1000878 https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Common Vulnerability Exposure (CVE) ID: CVE-2018-1000880 https://github.com/libarchive/libarchive/pull/1105/commits/9c84b7426660c09c18cc349f6d70b5f8168b5680
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.