cve-2015-8918
Vulnerability from cvelistv5
Published: 2016-09-20 14:00
Modified: 2024-08-06 08:36
Summary
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to "overlapping memcpy."
ghsa-6qx6-pvc6-fffj
Vulnerability from github
Published: 2022-05-17 02:37
Modified: 2022-05-17 02:37
Details
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to "overlapping memcpy."
fkie_cve-2015-8918
Vulnerability from fkie_nvd
Published: 2016-09-20 14:15
Modified: 2025-04-12 10:46
Summary
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to "overlapping memcpy."
Impacted products
Vendor | Product | Version
---|---|---
novell | suse_linux_enterprise_software_development_kit | 12.0
novell | suse_linux_enterprise_desktop | 12.0
novell | suse_linux_enterprise_server | 12.0
libarchive | libarchive | *
suse-su-2016:1939-1
Vulnerability from csaf_suse
Published: 2016-08-02 11:41
Modified: 2016-08-02 11:41
Summary
Security update for bsdtar
Notes
Title of the patch
Security update for bsdtar
Description of the patch
bsdtar was updated to fix seven security issues.
These security issues were fixed:
- CVE-2015-8929: Memory leak in tar parser (bsc#985669).
- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).
- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
- CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870).
Patchnames
sdksp4-bsdtar-12672,sleclo50sp3-bsdtar-12672,sleman21-bsdtar-12672,slemap21-bsdtar-12672,sleposp3-bsdtar-12672,slessp2-bsdtar-12672,slessp3-bsdtar-12672,slessp4-bsdtar-12672,slestso13-bsdtar-12672
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for bsdtar", title: "Title of the patch", }, { category: "description", text: "bsdtar was updated to fix seven security issues.\n\nThese security issues were fixed:\n- CVE-2015-8929: Memory leak in tar parser (bsc#985669).\n- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).\n- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).\n- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).\n- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).\n- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).\n- CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' 
is rejected (bsc#920870).\n", title: "Description of the patch", }, { category: "details", text: "sdksp4-bsdtar-12672,sleclo50sp3-bsdtar-12672,sleman21-bsdtar-12672,slemap21-bsdtar-12672,sleposp3-bsdtar-12672,slessp2-bsdtar-12672,slessp3-bsdtar-12672,slessp4-bsdtar-12672,slestso13-bsdtar-12672", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1939-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1939-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161939-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1939-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002172.html", }, { category: "self", summary: "SUSE Bug 920870", url: "https://bugzilla.suse.com/920870", }, { category: "self", summary: "SUSE Bug 984990", url: "https://bugzilla.suse.com/984990", }, { category: "self", summary: "SUSE Bug 985609", url: "https://bugzilla.suse.com/985609", }, { category: "self", summary: "SUSE Bug 985669", url: "https://bugzilla.suse.com/985669", }, { category: "self", summary: "SUSE Bug 985675", url: "https://bugzilla.suse.com/985675", }, { category: "self", summary: "SUSE Bug 985682", url: "https://bugzilla.suse.com/985682", }, { category: "self", summary: "SUSE Bug 985698", url: "https://bugzilla.suse.com/985698", }, { category: "self", summary: "SUSE CVE CVE-2015-2304 page", url: "https://www.suse.com/security/cve/CVE-2015-2304/", }, { 
category: "self", summary: "SUSE CVE CVE-2015-8918 page", url: "https://www.suse.com/security/cve/CVE-2015-8918/", }, { category: "self", summary: "SUSE CVE CVE-2015-8920 page", url: "https://www.suse.com/security/cve/CVE-2015-8920/", }, { category: "self", summary: "SUSE CVE CVE-2015-8921 page", url: "https://www.suse.com/security/cve/CVE-2015-8921/", }, { category: "self", summary: "SUSE CVE CVE-2015-8924 page", url: "https://www.suse.com/security/cve/CVE-2015-8924/", }, { category: "self", summary: "SUSE CVE CVE-2015-8929 page", url: "https://www.suse.com/security/cve/CVE-2015-8929/", }, { category: "self", summary: "SUSE CVE CVE-2016-4809 page", url: "https://www.suse.com/security/cve/CVE-2016-4809/", }, ], title: "Security update for bsdtar", tracking: { current_release_date: "2016-08-02T11:41:26Z", generator: { date: "2016-08-02T11:41:26Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1939-1", initial_release_date: "2016-08-02T11:41:26Z", revision_history: [ { date: "2016-08-02T11:41:26Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libarchive-devel-2.5.5-9.1.i586", product: { name: "libarchive-devel-2.5.5-9.1.i586", product_id: "libarchive-devel-2.5.5-9.1.i586", }, }, { category: "product_version", name: "libarchive2-2.5.5-9.1.i586", product: { name: "libarchive2-2.5.5-9.1.i586", product_id: "libarchive2-2.5.5-9.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libarchive-devel-2.5.5-9.1.ia64", product: { name: "libarchive-devel-2.5.5-9.1.ia64", product_id: "libarchive-devel-2.5.5-9.1.ia64", }, }, { category: "product_version", name: "libarchive2-2.5.5-9.1.ia64", product: { name: "libarchive2-2.5.5-9.1.ia64", product_id: "libarchive2-2.5.5-9.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ 
{ category: "product_version", name: "libarchive-devel-2.5.5-9.1.ppc64", product: { name: "libarchive-devel-2.5.5-9.1.ppc64", product_id: "libarchive-devel-2.5.5-9.1.ppc64", }, }, { category: "product_version", name: "libarchive2-2.5.5-9.1.ppc64", product: { name: "libarchive2-2.5.5-9.1.ppc64", product_id: "libarchive2-2.5.5-9.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libarchive-devel-2.5.5-9.1.s390x", product: { name: "libarchive-devel-2.5.5-9.1.s390x", product_id: "libarchive-devel-2.5.5-9.1.s390x", }, }, { category: "product_version", name: "libarchive2-2.5.5-9.1.s390x", product: { name: "libarchive2-2.5.5-9.1.s390x", product_id: "libarchive2-2.5.5-9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libarchive-devel-2.5.5-9.1.x86_64", product: { name: "libarchive-devel-2.5.5-9.1.x86_64", product_id: "libarchive-devel-2.5.5-9.1.x86_64", }, }, { category: "product_version", name: "libarchive2-2.5.5-9.1.x86_64", product: { name: "libarchive2-2.5.5-9.1.x86_64", product_id: "libarchive2-2.5.5-9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:sle-sdk:11:sp4", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 5", product: { name: "SUSE OpenStack Cloud 5", product_id: "SUSE OpenStack Cloud 5", product_identification_helper: { cpe: "cpe:/o:suse:cloud:5", }, }, }, { category: "product_name", name: "SUSE Manager 2.1", product: { name: "SUSE Manager 2.1", product_id: "SUSE Manager 2.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:2.1", }, }, }, { category: "product_name", name: "SUSE 
Manager Proxy 2.1", product: { name: "SUSE Manager Proxy 2.1", product_id: "SUSE Manager Proxy 2.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:2.1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Point of Sale 11 SP3", product: { name: "SUSE Linux Enterprise Point of Sale 11 SP3", product_id: "SUSE Linux Enterprise Point of Sale 11 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-pos:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles_ltss:11:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles_ltss:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product: { name: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product_identification_helper: { cpe: "cpe:/o:suse:sles:11:sp3:teradata", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, { category: "product_name", name: "SUSE Studio Onsite 1.3", product: { name: "SUSE Studio Onsite 1.3", 
product_id: "SUSE Studio Onsite 1.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-studioonsite:1.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libarchive-devel-2.5.5-9.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", }, product_reference: "libarchive-devel-2.5.5-9.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive-devel-2.5.5-9.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", }, product_reference: "libarchive-devel-2.5.5-9.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive-devel-2.5.5-9.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", }, product_reference: "libarchive-devel-2.5.5-9.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive-devel-2.5.5-9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", }, product_reference: "libarchive-devel-2.5.5-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: 
"libarchive-devel-2.5.5-9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", }, product_reference: "libarchive-devel-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE OpenStack Cloud 5", product_id: "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 5", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.s390x as component of SUSE Manager 2.1", product_id: "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", }, product_reference: "libarchive2-2.5.5-9.1.s390x", relates_to_product_reference: "SUSE Manager 2.1", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE Manager 2.1", product_id: "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Manager 2.1", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE Manager Proxy 2.1", product_id: "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 2.1", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3", product_id: "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", }, product_reference: "libarchive2-2.5.5-9.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Point of Sale 11 SP3", }, { category: "default_component_of", full_product_name: 
{ name: "libarchive2-2.5.5-9.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", }, product_reference: "libarchive2-2.5.5-9.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", }, product_reference: "libarchive2-2.5.5-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", }, product_reference: "libarchive2-2.5.5-9.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", }, product_reference: "libarchive2-2.5.5-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 
SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", }, product_reference: "libarchive2-2.5.5-9.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", }, product_reference: "libarchive2-2.5.5-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", }, product_reference: "libarchive2-2.5.5-9.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", }, product_reference: "libarchive2-2.5.5-9.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { 
category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", }, product_reference: "libarchive2-2.5.5-9.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", }, product_reference: "libarchive2-2.5.5-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", }, product_reference: "libarchive2-2.5.5-9.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", }, product_reference: "libarchive2-2.5.5-9.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.ppc64 as component of SUSE Linux 
Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", }, product_reference: "libarchive2-2.5.5-9.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", }, product_reference: "libarchive2-2.5.5-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive2-2.5.5-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", }, product_reference: "libarchive2-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libarchive-devel-2.5.5-9.1.x86_64 as component of SUSE Studio Onsite 1.3", product_id: "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", }, product_reference: "libarchive-devel-2.5.5-9.1.x86_64", relates_to_product_reference: "SUSE Studio Onsite 1.3", }, ], }, vulnerabilities: [ { cve: "CVE-2015-2304", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2304", }, ], notes: [ { category: "general", text: "Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 
SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 
2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2304", url: "https://www.suse.com/security/cve/CVE-2015-2304", }, { category: "external", summary: "SUSE Bug 920870 for CVE-2015-2304", url: "https://bugzilla.suse.com/920870", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 
SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-02T11:41:26Z", details: "moderate", }, ], title: "CVE-2015-2304", }, { cve: "CVE-2015-8918", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8918", }, ], notes: [ { category: "general", text: "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux 
Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8918", url: "https://www.suse.com/security/cve/CVE-2015-8918", }, { category: "external", summary: "SUSE Bug 985698 for CVE-2015-8918", url: "https://bugzilla.suse.com/985698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended 
installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 
SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise 
Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-02T11:41:26Z", details: "moderate", }, ], title: "CVE-2015-8918", }, { cve: "CVE-2015-8920", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8920", }, ], notes: [ { category: "general", text: "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux 
Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8920", url: "https://www.suse.com/security/cve/CVE-2015-8920", }, { category: "external", summary: "SUSE Bug 985675 for CVE-2015-8920", url: "https://bugzilla.suse.com/985675", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", 
"SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 
2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", 
"SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-02T11:41:26Z", details: "moderate", }, ], title: "CVE-2015-8920", }, { cve: "CVE-2015-8921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8921", }, ], notes: [ { category: "general", text: "The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 
SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8921", url: "https://www.suse.com/security/cve/CVE-2015-8921", }, { category: "external", summary: "SUSE Bug 985682 for CVE-2015-8921", url: "https://bugzilla.suse.com/985682", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux 
Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, 
], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 
SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-02T11:41:26Z", details: "moderate", }, ], title: "CVE-2015-8921", }, { cve: "CVE-2015-8924", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8924", }, ], notes: [ { category: "general", text: "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 
SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8924", url: "https://www.suse.com/security/cve/CVE-2015-8924", }, { category: "external", summary: "SUSE Bug 985609 for CVE-2015-8924", url: "https://bugzilla.suse.com/985609", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", 
"SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
version: "3.0", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 
2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-02T11:41:26Z", details: "moderate", }, ], title: "CVE-2015-8924", }, { cve: "CVE-2015-8929", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8929", }, ], notes: [ { category: "general", text: "Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 
SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8929", url: "https://www.suse.com/security/cve/CVE-2015-8929", }, { category: "external", summary: "SUSE Bug 985669 for CVE-2015-8929", url: "https://bugzilla.suse.com/985669", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 
SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-02T11:41:26Z", details: "moderate", }, ], title: "CVE-2015-8929", }, { cve: "CVE-2016-4809", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4809", }, ], notes: [ { category: "general", text: "The 
archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise 
Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4809", url: "https://www.suse.com/security/cve/CVE-2016-4809", }, { category: "external", summary: "SUSE Bug 984990 for CVE-2016-4809", url: "https://bugzilla.suse.com/984990", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 
SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 
SP3-TERADATA:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1.x86_64", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.s390x", "SUSE Manager 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1.x86_64", "SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1.x86_64", "SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-02T11:41:26Z", details: "low", }, ], title: "CVE-2016-4809", }, ], }
suse-su-2016:1909-1
Vulnerability from csaf_suse
Published
2016-07-29 08:20
Modified
2016-07-29 08:20
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
libarchive was updated to fix 20 security issues.
These security issues were fixed:
- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).
- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).
- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).
- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).
- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).
- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).
- CVE-2015-8929: Memory leak in tar parser (bsc#985669).
- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).
- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).
- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).
- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).
- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).
- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).
- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).
- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).
- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for libarchive", title: "Title of the patch", }, { category: "description", text: "libarchive was updated to fix 20 security issues.\n\nThese security issues were fixed:\n- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).\n- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).\n- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).\n- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).\n- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).\n- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).\n- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).\n- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).\n- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).\n- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).\n- CVE-2015-8929: Memory leak in tar parser (bsc#985669).\n- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).\n- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).\n- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).\n- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).\n- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).\n- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).\n- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).\n- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).\n- CVE-2016-4809: Memory allocate error with 
symbolic links in cpio archives (bsc#984990).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1909-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1909-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161909-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1909-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-July/002169.html", }, { category: "self", summary: "SUSE Bug 984990", url: "https://bugzilla.suse.com/984990", }, { category: "self", summary: "SUSE Bug 985609", url: "https://bugzilla.suse.com/985609", }, { category: "self", summary: "SUSE Bug 985665", url: "https://bugzilla.suse.com/985665", }, { category: "self", summary: "SUSE Bug 985669", url: "https://bugzilla.suse.com/985669", }, { category: "self", summary: "SUSE Bug 985673", url: "https://bugzilla.suse.com/985673", }, { category: "self", summary: "SUSE Bug 985675", url: "https://bugzilla.suse.com/985675", }, { category: "self", summary: "SUSE Bug 985679", url: "https://bugzilla.suse.com/985679", }, { category: "self", summary: "SUSE Bug 985682", url: "https://bugzilla.suse.com/985682", }, { category: "self", summary: "SUSE Bug 985685", url: "https://bugzilla.suse.com/985685", }, { category: "self", 
summary: "SUSE Bug 985688", url: "https://bugzilla.suse.com/985688", }, { category: "self", summary: "SUSE Bug 985689", url: "https://bugzilla.suse.com/985689", }, { category: "self", summary: "SUSE Bug 985697", url: "https://bugzilla.suse.com/985697", }, { category: "self", summary: "SUSE Bug 985698", url: "https://bugzilla.suse.com/985698", }, { category: "self", summary: "SUSE Bug 985700", url: "https://bugzilla.suse.com/985700", }, { category: "self", summary: "SUSE Bug 985703", url: "https://bugzilla.suse.com/985703", }, { category: "self", summary: "SUSE Bug 985704", url: "https://bugzilla.suse.com/985704", }, { category: "self", summary: "SUSE Bug 985706", url: "https://bugzilla.suse.com/985706", }, { category: "self", summary: "SUSE Bug 985826", url: "https://bugzilla.suse.com/985826", }, { category: "self", summary: "SUSE Bug 985832", url: "https://bugzilla.suse.com/985832", }, { category: "self", summary: "SUSE Bug 985835", url: "https://bugzilla.suse.com/985835", }, { category: "self", summary: "SUSE CVE CVE-2015-8918 page", url: "https://www.suse.com/security/cve/CVE-2015-8918/", }, { category: "self", summary: "SUSE CVE CVE-2015-8919 page", url: "https://www.suse.com/security/cve/CVE-2015-8919/", }, { category: "self", summary: "SUSE CVE CVE-2015-8920 page", url: "https://www.suse.com/security/cve/CVE-2015-8920/", }, { category: "self", summary: "SUSE CVE CVE-2015-8921 page", url: "https://www.suse.com/security/cve/CVE-2015-8921/", }, { category: "self", summary: "SUSE CVE CVE-2015-8922 page", url: "https://www.suse.com/security/cve/CVE-2015-8922/", }, { category: "self", summary: "SUSE CVE CVE-2015-8923 page", url: "https://www.suse.com/security/cve/CVE-2015-8923/", }, { category: "self", summary: "SUSE CVE CVE-2015-8924 page", url: "https://www.suse.com/security/cve/CVE-2015-8924/", }, { category: "self", summary: "SUSE CVE CVE-2015-8925 page", url: "https://www.suse.com/security/cve/CVE-2015-8925/", }, { category: "self", summary: "SUSE CVE 
CVE-2015-8926 page", url: "https://www.suse.com/security/cve/CVE-2015-8926/", }, { category: "self", summary: "SUSE CVE CVE-2015-8928 page", url: "https://www.suse.com/security/cve/CVE-2015-8928/", }, { category: "self", summary: "SUSE CVE CVE-2015-8929 page", url: "https://www.suse.com/security/cve/CVE-2015-8929/", }, { category: "self", summary: "SUSE CVE CVE-2015-8930 page", url: "https://www.suse.com/security/cve/CVE-2015-8930/", }, { category: "self", summary: "SUSE CVE CVE-2015-8931 page", url: "https://www.suse.com/security/cve/CVE-2015-8931/", }, { category: "self", summary: "SUSE CVE CVE-2015-8932 page", url: "https://www.suse.com/security/cve/CVE-2015-8932/", }, { category: "self", summary: "SUSE CVE CVE-2015-8933 page", url: "https://www.suse.com/security/cve/CVE-2015-8933/", }, { category: "self", summary: "SUSE CVE CVE-2015-8934 page", url: "https://www.suse.com/security/cve/CVE-2015-8934/", }, { category: "self", summary: "SUSE CVE CVE-2016-4300 page", url: "https://www.suse.com/security/cve/CVE-2016-4300/", }, { category: "self", summary: "SUSE CVE CVE-2016-4301 page", url: "https://www.suse.com/security/cve/CVE-2016-4301/", }, { category: "self", summary: "SUSE CVE CVE-2016-4302 page", url: "https://www.suse.com/security/cve/CVE-2016-4302/", }, { category: "self", summary: "SUSE CVE CVE-2016-4809 page", url: "https://www.suse.com/security/cve/CVE-2016-4809/", }, ], title: "Security update for libarchive", tracking: { current_release_date: "2016-07-29T08:20:09Z", generator: { date: "2016-07-29T08:20:09Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1909-1", initial_release_date: "2016-07-29T08:20:09Z", revision_history: [ { date: "2016-07-29T08:20:09Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libarchive-devel-3.1.2-22.1.ppc64le", product: { name: 
"libarchive-devel-3.1.2-22.1.ppc64le", product_id: "libarchive-devel-3.1.2-22.1.ppc64le", }, }, { category: "product_version", name: "libarchive13-3.1.2-22.1.ppc64le", product: { name: "libarchive13-3.1.2-22.1.ppc64le", product_id: "libarchive13-3.1.2-22.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libarchive-devel-3.1.2-22.1.s390x", product: { name: "libarchive-devel-3.1.2-22.1.s390x", product_id: "libarchive-devel-3.1.2-22.1.s390x", }, }, { category: "product_version", name: "libarchive13-3.1.2-22.1.s390x", product: { name: "libarchive13-3.1.2-22.1.s390x", product_id: "libarchive13-3.1.2-22.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libarchive13-3.1.2-22.1.x86_64", product: { name: "libarchive13-3.1.2-22.1.x86_64", product_id: "libarchive13-3.1.2-22.1.x86_64", }, }, { category: "product_version", name: "libarchive-devel-3.1.2-22.1.x86_64", product: { name: "libarchive-devel-3.1.2-22.1.x86_64", product_id: "libarchive-devel-3.1.2-22.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP1", product: { name: "SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP1", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1", product: { name: "SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp1", }, }, }, { 
category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", }, product_reference: "libarchive13-3.1.2-22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive-devel-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", }, product_reference: "libarchive-devel-3.1.2-22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive-devel-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", }, product_reference: "libarchive-devel-3.1.2-22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive-devel-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", }, product_reference: "libarchive-devel-3.1.2-22.1.x86_64", 
relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", }, product_reference: "libarchive13-3.1.2-22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", }, product_reference: "libarchive13-3.1.2-22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", }, product_reference: "libarchive13-3.1.2-22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", }, product_reference: "libarchive13-3.1.2-22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", }, product_reference: "libarchive13-3.1.2-22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 
12 SP1", }, { category: "default_component_of", full_product_name: { name: "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", }, product_reference: "libarchive13-3.1.2-22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2015-8918", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8918", }, ], notes: [ { category: "general", text: "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8918", url: "https://www.suse.com/security/cve/CVE-2015-8918", }, { category: "external", summary: "SUSE Bug 985698 for CVE-2015-8918", url: "https://bugzilla.suse.com/985698", }, ], remediations: [ { category: 
"vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, 
], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8918", }, { cve: "CVE-2015-8919", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8919", }, ], notes: [ { category: "general", text: "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8919", url: "https://www.suse.com/security/cve/CVE-2015-8919", }, { category: "external", summary: "SUSE Bug 985697 for CVE-2015-8919", url: "https://bugzilla.suse.com/985697", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE 
Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8919", }, { cve: "CVE-2015-8920", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8920", }, ], notes: [ { category: "general", text: "The _ar_read_header function in 
archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8920", url: "https://www.suse.com/security/cve/CVE-2015-8920", }, { category: "external", summary: "SUSE Bug 985675 for CVE-2015-8920", url: "https://bugzilla.suse.com/985675", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 
for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8920", }, { cve: "CVE-2015-8921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8921", }, ], notes: [ { category: "general", text: "The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8921", url: "https://www.suse.com/security/cve/CVE-2015-8921", }, { category: "external", summary: "SUSE Bug 985682 for CVE-2015-8921", url: "https://bugzilla.suse.com/985682", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8921", }, { cve: "CVE-2015-8922", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8922", }, ], notes: [ { category: "general", text: "The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8922", url: "https://www.suse.com/security/cve/CVE-2015-8922", }, { category: "external", summary: "SUSE Bug 985685 for CVE-2015-8922", url: "https://bugzilla.suse.com/985685", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 
SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8922", }, { cve: "CVE-2015-8923", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8923", }, ], notes: [ { category: "general", text: "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", 
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8923", url: "https://www.suse.com/security/cve/CVE-2015-8923", }, { category: "external", summary: "SUSE Bug 985703 for CVE-2015-8923", url: "https://bugzilla.suse.com/985703", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8923", }, { cve: "CVE-2015-8924", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8924", }, ], notes: [ { category: "general", text: "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8924", url: "https://www.suse.com/security/cve/CVE-2015-8924", }, { category: 
"external", summary: "SUSE Bug 985609 for CVE-2015-8924", url: "https://bugzilla.suse.com/985609", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8924", }, { cve: "CVE-2015-8925", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8925", }, ], notes: [ { category: "general", text: "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8925", url: "https://www.suse.com/security/cve/CVE-2015-8925", }, { category: "external", summary: "SUSE Bug 985706 for CVE-2015-8925", url: "https://bugzilla.suse.com/985706", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise 
Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8925", }, { cve: "CVE-2015-8926", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8926", }, ], notes: [ { category: "general", text: "The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8926", url: "https://www.suse.com/security/cve/CVE-2015-8926", }, { category: "external", summary: "SUSE Bug 985704 for CVE-2015-8926", url: "https://bugzilla.suse.com/985704", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8926", }, { cve: "CVE-2015-8928", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8928", }, ], notes: [ { category: "general", text: "The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", title: 
"CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8928", url: "https://www.suse.com/security/cve/CVE-2015-8928", }, { category: "external", summary: "SUSE Bug 985679 for CVE-2015-8928", url: "https://bugzilla.suse.com/985679", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux 
Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8928", }, { cve: "CVE-2015-8929", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8929", }, ], notes: [ { category: "general", text: "Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8929", url: "https://www.suse.com/security/cve/CVE-2015-8929", }, { category: "external", summary: "SUSE Bug 985669 for CVE-2015-8929", url: "https://bugzilla.suse.com/985669", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux 
Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8929", }, { cve: "CVE-2015-8930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8930", }, ], notes: [ { category: "general", text: "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux 
Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8930", url: "https://www.suse.com/security/cve/CVE-2015-8930", }, { category: "external", summary: "SUSE Bug 985700 for CVE-2015-8930", url: "https://bugzilla.suse.com/985700", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8930", }, { cve: "CVE-2015-8931", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8931", }, ], notes: [ { category: "general", text: "Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined 
behavior.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8931", url: "https://www.suse.com/security/cve/CVE-2015-8931", }, { category: "external", summary: "SUSE Bug 985689 for CVE-2015-8931", url: "https://bugzilla.suse.com/985689", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", 
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8931", }, { cve: "CVE-2015-8932", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8932", }, ], notes: [ { category: "general", text: "The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8932", url: "https://www.suse.com/security/cve/CVE-2015-8932", }, { category: "external", summary: "SUSE Bug 985665 for CVE-2015-8932", url: "https://bugzilla.suse.com/985665", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8932", }, { cve: "CVE-2015-8933", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8933", }, ], notes: [ { category: "general", text: "Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8933", url: "https://www.suse.com/security/cve/CVE-2015-8933", }, { category: "external", summary: "SUSE Bug 985688 for CVE-2015-8933", url: "https://bugzilla.suse.com/985688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8933", }, { cve: "CVE-2015-8934", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8934", }, ], notes: [ { category: "general", text: "The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote 
attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8934", url: "https://www.suse.com/security/cve/CVE-2015-8934", }, { category: "external", summary: "SUSE Bug 985673 for CVE-2015-8934", url: "https://bugzilla.suse.com/985673", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux 
Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2015-8934", }, { cve: "CVE-2016-4300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4300", }, ], notes: [ { category: "general", text: "Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4300", url: "https://www.suse.com/security/cve/CVE-2016-4300", }, { category: "external", summary: "SUSE Bug 985832 for CVE-2016-4300", url: "https://bugzilla.suse.com/985832", }, ], remediations: [ { category: 
"vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, 
], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2016-4300", }, { cve: "CVE-2016-4301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4301", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4301", url: "https://www.suse.com/security/cve/CVE-2016-4301", }, { category: "external", summary: "SUSE Bug 985826 for CVE-2016-4301", url: "https://bugzilla.suse.com/985826", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 
12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2016-4301", }, { cve: "CVE-2016-4302", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4302", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the parse_codes function in 
archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4302", url: "https://www.suse.com/security/cve/CVE-2016-4302", }, { category: "external", summary: "SUSE Bug 985835 for CVE-2016-4302", url: "https://bugzilla.suse.com/985835", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "moderate", }, ], title: "CVE-2016-4302", }, { cve: "CVE-2016-4809", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4809", }, ], notes: [ { category: "general", text: "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux 
Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4809", url: "https://www.suse.com/security/cve/CVE-2016-4809", }, { category: "external", summary: "SUSE Bug 984990 for CVE-2016-4809", url: "https://bugzilla.suse.com/984990", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-07-29T08:20:09Z", details: "low", }, ], title: "CVE-2016-4809", }, ], }
gsd-2015-8918
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to "overlapping memcpy."
Aliases
{ GSD: { alias: "CVE-2015-8918", description: "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"", id: "GSD-2015-8918", references: [ "https://www.suse.com/security/cve/CVE-2015-8918.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-8918", ], details: "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"", id: "GSD-2015-8918", modified: "2023-12-13T01:20:03.124048Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8918", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", refsource: "MISC", url: "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", }, { name: "https://github.com/libarchive/libarchive/issues/506", refsource: "CONFIRM", url: "https://github.com/libarchive/libarchive/issues/506", }, { name: "SUSE-SU-2016:1909", refsource: 
"SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html", }, { name: "[oss-security] 20160617 Many invalid memory access issues in libarchive", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/17/2", }, { name: "GLSA-201701-03", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-03", }, { name: "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/17/5", }, { name: "91300", refsource: "BID", url: "http://www.securityfocus.com/bid/91300", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.1.901a", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8918", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20160617 Many invalid memory access issues in libarchive", refsource: "MLIST", tags: [ "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2016/06/17/2", }, { name: "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", refsource: "MISC", tags: [ "Third Party Advisory", ], url: "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", }, { name: "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", refsource: "MLIST", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/17/5", }, { name: "SUSE-SU-2016:1909", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html", }, { name: "https://github.com/libarchive/libarchive/issues/506", refsource: "CONFIRM", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libarchive/libarchive/issues/506", }, { name: "91300", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/91300", }, { name: "GLSA-201701-03", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/201701-03", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: true, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: 
"2023-09-12T14:45Z", publishedDate: "2016-09-20T14:15Z", }, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.