Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-14166 (GCVE-0-2017-14166)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:20:40.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "name": "DSA-4360", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4360" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "name": "USN-3736-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3736-1/" }, { "name": "GLSA-201908-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-11" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-15T17:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "name": "DSA-4360", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4360" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "name": "USN-3736-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3736-1/" }, { "name": "GLSA-201908-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-11" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "name": "DSA-4360", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4360" }, { "name": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71", "refsource": "MISC", "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "name": "USN-3736-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3736-1/" }, { "name": "GLSA-201908-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-11" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14166", "datePublished": "2017-09-06T18:00:00", "dateReserved": "2017-09-06T00:00:00", "dateUpdated": "2024-08-05T19:20:40.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-14166\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-06T18:29:00.273\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.\"},{\"lang\":\"es\",\"value\":\"libarchive 3.3.2 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en mont\u00edculos xml_data y fallo de aplicaci\u00f3n) mediante un archivo xar manipulado. Esto est\u00e1 relacionado con la mala gesti\u00f3n de strings vac\u00edos en la funci\u00f3n atol8 en archive_read_support_format_xar.c.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libarchive:libarchive:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3FF21B2-41AD-446B-9EE5-184F573973E7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]}],\"references\":[{\"url\":\"https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-11\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3736-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4360\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3736-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhea-2021:1580
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libarchive is now available for Red Hat Enterprise Linux 8.", "title": "Topic" }, { "category": "general", "text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2021:1580", "url": "https://access.redhat.com/errata/RHEA-2021:1580" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index" }, { "category": "external", "summary": "1827927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827927" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1580.json" } ], "title": "Red Hat Enhancement Advisory: libarchive bug fix and enhancement update", "tracking": { "current_release_date": "2025-08-28T21:50:47+00:00", "generator": { "date": "2025-08-28T21:50:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHEA-2021:1580", "initial_release_date": "2021-05-18T13:25:24+00:00", "revision_history": [ { "date": "2021-05-18T13:25:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-18T13:25:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-28T21:50:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat CodeReady Linux Builder (v. 8)", "product": { "name": "Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::crb" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x", "product_id": "libarchive-devel-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.s390x", "product": { "name": "bsdtar-0:3.3.3-1.el8.s390x", "product_id": "bsdtar-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-0:3.3.3-1.el8.s390x", "product_id": "libarchive-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdtar-0:3.3.3-1.el8.x86_64", "product_id": "bsdtar-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.i686", "product_id": "libarchive-devel-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-0:3.3.3-1.el8.i686", "product_id": "libarchive-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le", "product_id": "bsdtar-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdtar-0:3.3.3-1.el8.aarch64", "product_id": "bsdtar-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.src", "product": { "name": "libarchive-0:3.3.3-1.el8.src", "product_id": "libarchive-0:3.3.3-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src" }, "product_reference": "libarchive-0:3.3.3-1.el8.src", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src" }, "product_reference": "libarchive-0:3.3.3-1.el8.src", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-14166", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1489852" } ], "notes": [ { "category": "description", "text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Heap-based buffer over-read in the atol8 function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14166" }, { "category": "external", "summary": "RHBZ#1489852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489852" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14166", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166" } ], "release_date": "2017-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libarchive: Heap-based buffer over-read in the atol8 function" }, { "cve": "CVE-2017-14501", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494460" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Out-of-bounds read in parse_file_info", "title": "Vulnerability summary" }, { "category": "other", "text": "Starting in Red Hat Enterprise Linux (RHEL) 8.4.0 already fixed version of the libarchive packages is shipped, therefore RHEL 8.4.0 and later versions are not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14501" }, { "category": "external", "summary": "RHBZ#1494460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494460" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14501", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14501" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14501", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14501" } ], "release_date": "2017-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libarchive: Out-of-bounds read in parse_file_info" }, { "cve": "CVE-2017-14502", "cwe": { "id": "CWE-193", "name": "Off-by-one Error" }, "discovery_date": "2017-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494463" } ], "notes": [ { "category": "description", "text": "read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Off-by-one error in the read_header function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14502" }, { "category": "external", "summary": "RHBZ#1494463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494463" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14502", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14502" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14502", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14502" } ], "release_date": "2017-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libarchive: Off-by-one error in the read_header function" } ] }
rhea-2021_1580
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libarchive is now available for Red Hat Enterprise Linux 8.", "title": "Topic" }, { "category": "general", "text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2021:1580", "url": "https://access.redhat.com/errata/RHEA-2021:1580" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index" }, { "category": "external", "summary": "1827927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827927" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1580.json" } ], "title": "Red Hat Enhancement Advisory: libarchive bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-22T15:47:03+00:00", "generator": { "date": "2024-11-22T15:47:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHEA-2021:1580", "initial_release_date": "2021-05-18T13:25:24+00:00", "revision_history": [ { "date": "2021-05-18T13:25:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-18T13:25:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T15:47:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat CodeReady Linux Builder (v. 8)", "product": { "name": "Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::crb" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x", "product_id": "libarchive-devel-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.s390x", "product": { "name": "bsdtar-0:3.3.3-1.el8.s390x", "product_id": "bsdtar-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-0:3.3.3-1.el8.s390x", "product_id": "libarchive-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdtar-0:3.3.3-1.el8.x86_64", "product_id": "bsdtar-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.i686", "product_id": "libarchive-devel-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-0:3.3.3-1.el8.i686", "product_id": "libarchive-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le", "product_id": "bsdtar-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdtar-0:3.3.3-1.el8.aarch64", "product_id": "bsdtar-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.src", "product": { "name": "libarchive-0:3.3.3-1.el8.src", "product_id": "libarchive-0:3.3.3-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src" }, "product_reference": "libarchive-0:3.3.3-1.el8.src", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src" }, "product_reference": "libarchive-0:3.3.3-1.el8.src", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-14166", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1489852" } ], "notes": [ { "category": "description", "text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Heap-based buffer over-read in the atol8 function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14166" }, { "category": "external", "summary": "RHBZ#1489852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489852" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14166", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166" } ], "release_date": "2017-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libarchive: Heap-based buffer over-read in the atol8 function" }, { "cve": "CVE-2017-14501", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494460" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Out-of-bounds read in parse_file_info", "title": "Vulnerability summary" }, { "category": "other", "text": "Starting in Red Hat Enterprise Linux (RHEL) 8.4.0 already fixed version of the libarchive packages is shipped, therefore RHEL 8.4.0 and later versions are not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14501" }, { "category": "external", "summary": "RHBZ#1494460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494460" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14501", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14501" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14501", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14501" } ], "release_date": "2017-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libarchive: Out-of-bounds read in parse_file_info" }, { "cve": "CVE-2017-14502", "cwe": { "id": "CWE-193", "name": "Off-by-one Error" }, "discovery_date": "2017-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494463" } ], "notes": [ { "category": "description", "text": "read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Off-by-one error in the read_header function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14502" }, { "category": "external", "summary": "RHBZ#1494463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494463" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14502", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14502" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14502", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14502" } ], "release_date": "2017-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libarchive: Off-by-one error in the read_header function" } ] }
RHEA-2021:1580
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libarchive is now available for Red Hat Enterprise Linux 8.", "title": "Topic" }, { "category": "general", "text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2021:1580", "url": "https://access.redhat.com/errata/RHEA-2021:1580" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index" }, { "category": "external", "summary": "1827927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827927" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1580.json" } ], "title": "Red Hat Enhancement Advisory: libarchive bug fix and enhancement update", "tracking": { "current_release_date": "2025-08-28T21:50:47+00:00", "generator": { "date": "2025-08-28T21:50:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHEA-2021:1580", "initial_release_date": "2021-05-18T13:25:24+00:00", "revision_history": [ { "date": "2021-05-18T13:25:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-18T13:25:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-28T21:50:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat CodeReady Linux Builder (v. 8)", "product": { "name": "Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::crb" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x", "product_id": "libarchive-devel-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.s390x", "product": { "name": "bsdtar-0:3.3.3-1.el8.s390x", "product_id": "bsdtar-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.s390x", "product": { "name": "libarchive-0:3.3.3-1.el8.s390x", "product_id": "libarchive-0:3.3.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-devel-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.x86_64", "product": { "name": "bsdtar-0:3.3.3-1.el8.x86_64", "product_id": "bsdtar-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.x86_64", "product": { "name": "libarchive-0:3.3.3-1.el8.x86_64", "product_id": "libarchive-0:3.3.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.i686", "product_id": "libarchive-devel-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=i686" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.i686", "product": { "name": "libarchive-0:3.3.3-1.el8.i686", "product_id": "libarchive-0:3.3.3-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.ppc64le", "product": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le", "product_id": "bsdtar-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.ppc64le", "product": { "name": "libarchive-0:3.3.3-1.el8.ppc64le", "product_id": "libarchive-0:3.3.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-devel-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-devel@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debugsource@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bsdtar-0:3.3.3-1.el8.aarch64", "product": { "name": "bsdtar-0:3.3.3-1.el8.aarch64", "product_id": "bsdtar-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bsdtar@3.3.3-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.aarch64", "product": { "name": "libarchive-0:3.3.3-1.el8.aarch64", "product_id": "libarchive-0:3.3.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libarchive-0:3.3.3-1.el8.src", "product": { "name": "libarchive-0:3.3.3-1.el8.src", "product_id": "libarchive-0:3.3.3-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libarchive@3.3.3-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src" }, "product_reference": "libarchive-0:3.3.3-1.el8.src", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.i686", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src" }, "product_reference": "libarchive-0:3.3.3-1.el8.src", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-debugsource-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-debugsource-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.aarch64", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.i686", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.ppc64le", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.s390x", "relates_to_product_reference": "CRB-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-0:3.3.3-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" }, "product_reference": "libarchive-devel-0:3.3.3-1.el8.x86_64", "relates_to_product_reference": "CRB-8.4.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-14166", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1489852" } ], "notes": [ { "category": "description", "text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Heap-based buffer over-read in the atol8 function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14166" }, { "category": "external", "summary": "RHBZ#1489852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489852" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14166", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166" } ], "release_date": "2017-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libarchive: Heap-based buffer over-read in the atol8 function" }, { "cve": "CVE-2017-14501", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494460" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Out-of-bounds read in parse_file_info", "title": "Vulnerability summary" }, { "category": "other", "text": "Starting in Red Hat Enterprise Linux (RHEL) 8.4.0 already fixed version of the libarchive packages is shipped, therefore RHEL 8.4.0 and later versions are not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14501" }, { "category": "external", "summary": "RHBZ#1494460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494460" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14501", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14501" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14501", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14501" } ], "release_date": "2017-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libarchive: Out-of-bounds read in parse_file_info" }, { "cve": "CVE-2017-14502", "cwe": { "id": "CWE-193", "name": "Off-by-one Error" }, "discovery_date": "2017-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494463" } ], "notes": [ { "category": "description", "text": "read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.", "title": "Vulnerability description" }, { "category": "summary", "text": "libarchive: Off-by-one error in the read_header function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14502" }, { "category": "external", "summary": "RHBZ#1494463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494463" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14502", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14502" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14502", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14502" } ], "release_date": "2017-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T13:25:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:1580" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "BaseOS-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "BaseOS-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcat-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdcpio-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:bsdtar-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.src", "CRB-8.4.0.GA:libarchive-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debuginfo-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-debugsource-0:3.3.3-1.el8.x86_64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.aarch64", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.i686", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.ppc64le", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.s390x", "CRB-8.4.0.GA:libarchive-devel-0:3.3.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libarchive: Off-by-one error in the read_header function" } ] }
suse-su-2018:3640-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libarchive", "title": "Title of the patch" }, { "category": "description", "text": "This update for libarchive fixes the following issues:\n\n- CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089)\n- CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008)\n- CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)\n- CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)\n- CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)\n- CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)\n- CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-SP3-2018-2594,SUSE-SLE-SDK-12-SP3-2018-2594,SUSE-SLE-SERVER-12-SP3-2018-2594", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3640-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:3640-1", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183640-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:3640-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004833.html" }, { "category": "self", "summary": "SUSE Bug 1032089", "url": "https://bugzilla.suse.com/1032089" }, { "category": "self", "summary": "SUSE Bug 1037008", "url": "https://bugzilla.suse.com/1037008" }, { "category": "self", "summary": "SUSE Bug 1037009", "url": "https://bugzilla.suse.com/1037009" }, { "category": "self", "summary": "SUSE Bug 1057514", "url": "https://bugzilla.suse.com/1057514" }, { "category": "self", "summary": "SUSE Bug 1059100", "url": "https://bugzilla.suse.com/1059100" }, { "category": "self", "summary": "SUSE Bug 1059134", "url": "https://bugzilla.suse.com/1059134" }, { "category": "self", "summary": "SUSE Bug 1059139", "url": "https://bugzilla.suse.com/1059139" }, { "category": "self", "summary": "SUSE CVE CVE-2016-10209 page", "url": "https://www.suse.com/security/cve/CVE-2016-10209/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-10349 page", "url": "https://www.suse.com/security/cve/CVE-2016-10349/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-10350 page", "url": "https://www.suse.com/security/cve/CVE-2016-10350/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14166 page", "url": "https://www.suse.com/security/cve/CVE-2017-14166/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14501 page", "url": "https://www.suse.com/security/cve/CVE-2017-14501/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14502 page", "url": "https://www.suse.com/security/cve/CVE-2017-14502/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14503 page", "url": "https://www.suse.com/security/cve/CVE-2017-14503/" } ], "title": "Security update for libarchive", "tracking": { "current_release_date": "2018-11-07T10:14:01Z", "generator": { "date": "2018-11-07T10:14:01Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:3640-1", "initial_release_date": "2018-11-07T10:14:01Z", "revision_history": [ { "date": "2018-11-07T10:14:01Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.aarch64", "product": { "name": "libarchive-devel-3.1.2-26.3.1.aarch64", "product_id": "libarchive-devel-3.1.2-26.3.1.aarch64" } }, { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.aarch64", "product": { "name": "libarchive13-3.1.2-26.3.1.aarch64", "product_id": "libarchive13-3.1.2-26.3.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.ppc64le", "product": { "name": "libarchive-devel-3.1.2-26.3.1.ppc64le", "product_id": "libarchive-devel-3.1.2-26.3.1.ppc64le" } }, { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.ppc64le", "product": { "name": "libarchive13-3.1.2-26.3.1.ppc64le", "product_id": "libarchive13-3.1.2-26.3.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.s390x", "product": { "name": "libarchive-devel-3.1.2-26.3.1.s390x", "product_id": "libarchive-devel-3.1.2-26.3.1.s390x" } }, { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.s390x", "product": { "name": "libarchive13-3.1.2-26.3.1.s390x", "product_id": "libarchive13-3.1.2-26.3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.x86_64", "product": { "name": "libarchive13-3.1.2-26.3.1.x86_64", "product_id": "libarchive13-3.1.2-26.3.1.x86_64" } }, { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.x86_64", "product": { "name": "libarchive-devel-3.1.2-26.3.1.x86_64", "product_id": "libarchive-devel-3.1.2-26.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP3", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3", "product": { "name": "SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive13-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64" }, "product_reference": "libarchive13-3.1.2-26.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le" }, "product_reference": "libarchive13-3.1.2-26.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x" }, "product_reference": "libarchive13-3.1.2-26.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive13-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64" }, "product_reference": "libarchive13-3.1.2-26.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le" }, "product_reference": "libarchive13-3.1.2-26.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x" }, "product_reference": "libarchive13-3.1.2-26.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive13-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-10209", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-10209" } ], "notes": [ { "category": "general", "text": "The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-10209", "url": "https://www.suse.com/security/cve/CVE-2016-10209" }, { "category": "external", "summary": "SUSE Bug 1032089 for CVE-2016-10209", "url": "https://bugzilla.suse.com/1032089" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-11-07T10:14:01Z", "details": "moderate" } ], "title": "CVE-2016-10209" }, { "cve": "CVE-2016-10349", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-10349" } ], "notes": [ { "category": "general", "text": "The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-10349", "url": "https://www.suse.com/security/cve/CVE-2016-10349" }, { "category": "external", "summary": "SUSE Bug 1037008 for CVE-2016-10349", "url": "https://bugzilla.suse.com/1037008" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-11-07T10:14:01Z", "details": "moderate" } ], "title": "CVE-2016-10349" }, { "cve": "CVE-2016-10350", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-10350" } ], "notes": [ { "category": "general", "text": "The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-10350", "url": "https://www.suse.com/security/cve/CVE-2016-10350" }, { "category": "external", "summary": "SUSE Bug 1037009 for CVE-2016-10350", "url": "https://bugzilla.suse.com/1037009" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-11-07T10:14:01Z", "details": "moderate" } ], "title": "CVE-2016-10350" }, { "cve": "CVE-2017-14166", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14166" } ], "notes": [ { "category": "general", "text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14166", "url": "https://www.suse.com/security/cve/CVE-2017-14166" }, { "category": "external", "summary": "SUSE Bug 1057514 for CVE-2017-14166", "url": "https://bugzilla.suse.com/1057514" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-11-07T10:14:01Z", "details": "moderate" } ], "title": "CVE-2017-14166" }, { "cve": "CVE-2017-14501", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14501" } ], "notes": [ { "category": "general", "text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14501", "url": "https://www.suse.com/security/cve/CVE-2017-14501" }, { "category": "external", "summary": "SUSE Bug 1059139 for CVE-2017-14501", "url": "https://bugzilla.suse.com/1059139" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-11-07T10:14:01Z", "details": "low" } ], "title": "CVE-2017-14501" }, { "cve": "CVE-2017-14502", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14502" } ], "notes": [ { "category": "general", "text": "read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14502", "url": "https://www.suse.com/security/cve/CVE-2017-14502" }, { "category": "external", "summary": "SUSE Bug 1059134 for CVE-2017-14502", "url": "https://bugzilla.suse.com/1059134" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-11-07T10:14:01Z", "details": "moderate" } ], "title": "CVE-2017-14502" }, { "cve": "CVE-2017-14503", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14503" } ], "notes": [ { "category": "general", "text": "libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14503", "url": "https://www.suse.com/security/cve/CVE-2017-14503" }, { "category": "external", "summary": "SUSE Bug 1059100 for CVE-2017-14503", "url": "https://bugzilla.suse.com/1059100" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-11-07T10:14:01Z", "details": "moderate" } ], "title": "CVE-2017-14503" } ] }
suse-su-2018:3640-2
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libarchive", "title": "Title of the patch" }, { "category": "description", "text": "This update for libarchive fixes the following issues:\n\n- CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089)\n- CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008)\n- CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)\n- CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)\n- CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)\n- CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)\n- CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-SP4-2018-2594,SUSE-SLE-SDK-12-SP4-2018-2594,SUSE-SLE-SERVER-12-SP4-2018-2594", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3640-2.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:3640-2", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:3640-2", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004927.html" }, { "category": "self", "summary": "SUSE Bug 1032089", "url": "https://bugzilla.suse.com/1032089" }, { "category": "self", "summary": "SUSE Bug 1037008", "url": "https://bugzilla.suse.com/1037008" }, { "category": "self", "summary": "SUSE Bug 1037009", "url": "https://bugzilla.suse.com/1037009" }, { "category": "self", "summary": "SUSE Bug 1057514", "url": "https://bugzilla.suse.com/1057514" }, { "category": "self", "summary": "SUSE Bug 1059100", "url": "https://bugzilla.suse.com/1059100" }, { "category": "self", "summary": "SUSE Bug 1059134", "url": "https://bugzilla.suse.com/1059134" }, { "category": "self", "summary": "SUSE Bug 1059139", "url": "https://bugzilla.suse.com/1059139" }, { "category": "self", "summary": "SUSE CVE CVE-2016-10209 page", "url": "https://www.suse.com/security/cve/CVE-2016-10209/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-10349 page", "url": "https://www.suse.com/security/cve/CVE-2016-10349/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-10350 page", "url": "https://www.suse.com/security/cve/CVE-2016-10350/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14166 page", "url": "https://www.suse.com/security/cve/CVE-2017-14166/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14501 page", "url": "https://www.suse.com/security/cve/CVE-2017-14501/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14502 page", "url": "https://www.suse.com/security/cve/CVE-2017-14502/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14503 page", "url": "https://www.suse.com/security/cve/CVE-2017-14503/" } ], "title": "Security update for libarchive", "tracking": { "current_release_date": "2018-12-06T13:20:47Z", "generator": { "date": "2018-12-06T13:20:47Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:3640-2", "initial_release_date": "2018-12-06T13:20:47Z", "revision_history": [ { "date": "2018-12-06T13:20:47Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.aarch64", "product": { "name": "libarchive-devel-3.1.2-26.3.1.aarch64", "product_id": "libarchive-devel-3.1.2-26.3.1.aarch64" } }, { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.aarch64", "product": { "name": "libarchive13-3.1.2-26.3.1.aarch64", "product_id": "libarchive13-3.1.2-26.3.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.ppc64le", "product": { "name": "libarchive-devel-3.1.2-26.3.1.ppc64le", "product_id": "libarchive-devel-3.1.2-26.3.1.ppc64le" } }, { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.ppc64le", "product": { "name": "libarchive13-3.1.2-26.3.1.ppc64le", "product_id": "libarchive13-3.1.2-26.3.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.s390x", "product": { "name": "libarchive-devel-3.1.2-26.3.1.s390x", "product_id": "libarchive-devel-3.1.2-26.3.1.s390x" } }, { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.s390x", "product": { "name": "libarchive13-3.1.2-26.3.1.s390x", "product_id": "libarchive13-3.1.2-26.3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libarchive13-3.1.2-26.3.1.x86_64", "product": { "name": "libarchive13-3.1.2-26.3.1.x86_64", "product_id": "libarchive13-3.1.2-26.3.1.x86_64" } }, { "category": "product_version", "name": "libarchive-devel-3.1.2-26.3.1.x86_64", "product": { "name": "libarchive-devel-3.1.2-26.3.1.x86_64", "product_id": "libarchive-devel-3.1.2-26.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP4", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP4", "product": { "name": "SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive13-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive-devel-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64" }, "product_reference": "libarchive13-3.1.2-26.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le" }, "product_reference": "libarchive13-3.1.2-26.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x" }, "product_reference": "libarchive13-3.1.2-26.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive13-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64" }, "product_reference": "libarchive13-3.1.2-26.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le" }, "product_reference": "libarchive13-3.1.2-26.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x" }, "product_reference": "libarchive13-3.1.2-26.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-26.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64" }, "product_reference": "libarchive13-3.1.2-26.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-10209", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-10209" } ], "notes": [ { "category": "general", "text": "The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-10209", "url": "https://www.suse.com/security/cve/CVE-2016-10209" }, { "category": "external", "summary": "SUSE Bug 1032089 for CVE-2016-10209", "url": "https://bugzilla.suse.com/1032089" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-12-06T13:20:47Z", "details": "moderate" } ], "title": "CVE-2016-10209" }, { "cve": "CVE-2016-10349", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-10349" } ], "notes": [ { "category": "general", "text": "The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-10349", "url": "https://www.suse.com/security/cve/CVE-2016-10349" }, { "category": "external", "summary": "SUSE Bug 1037008 for CVE-2016-10349", "url": "https://bugzilla.suse.com/1037008" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-12-06T13:20:47Z", "details": "moderate" } ], "title": "CVE-2016-10349" }, { "cve": "CVE-2016-10350", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-10350" } ], "notes": [ { "category": "general", "text": "The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-10350", "url": "https://www.suse.com/security/cve/CVE-2016-10350" }, { "category": "external", "summary": "SUSE Bug 1037009 for CVE-2016-10350", "url": "https://bugzilla.suse.com/1037009" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-12-06T13:20:47Z", "details": "moderate" } ], "title": "CVE-2016-10350" }, { "cve": "CVE-2017-14166", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14166" } ], "notes": [ { "category": "general", "text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14166", "url": "https://www.suse.com/security/cve/CVE-2017-14166" }, { "category": "external", "summary": "SUSE Bug 1057514 for CVE-2017-14166", "url": "https://bugzilla.suse.com/1057514" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-12-06T13:20:47Z", "details": "moderate" } ], "title": "CVE-2017-14166" }, { "cve": "CVE-2017-14501", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14501" } ], "notes": [ { "category": "general", "text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14501", "url": "https://www.suse.com/security/cve/CVE-2017-14501" }, { "category": "external", "summary": "SUSE Bug 1059139 for CVE-2017-14501", "url": "https://bugzilla.suse.com/1059139" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-12-06T13:20:47Z", "details": "low" } ], "title": "CVE-2017-14501" }, { "cve": "CVE-2017-14502", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14502" } ], "notes": [ { "category": "general", "text": "read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14502", "url": "https://www.suse.com/security/cve/CVE-2017-14502" }, { "category": "external", "summary": "SUSE Bug 1059134 for CVE-2017-14502", "url": "https://bugzilla.suse.com/1059134" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-12-06T13:20:47Z", "details": "moderate" } ], "title": "CVE-2017-14502" }, { "cve": "CVE-2017-14503", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14503" } ], "notes": [ { "category": "general", "text": "libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14503", "url": "https://www.suse.com/security/cve/CVE-2017-14503" }, { "category": "external", "summary": "SUSE Bug 1059100 for CVE-2017-14503", "url": "https://bugzilla.suse.com/1059100" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-12-06T13:20:47Z", "details": "moderate" } ], "title": "CVE-2017-14503" } ] }
suse-ru-2021:2757-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Recommended update for libarchive", "title": "Title of the patch" }, { "category": "description", "text": "This update for libarchive fixes the following issues:\n\nlibarchive was updated to version 3.3.3\n\n* Avoid super-linear slowdown on malformed mtree files\n* Many fixes for building with Visual Studio\n* NO_OVERWRITE doesn\u0027t change existing directory attributes\n* New support for Zstandard read and write filters\n* Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503\n- Needed by of Firefox91 (bsc#1188891)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2021-2757,SUSE-SLE-Product-HPC-15-2021-2757,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2757,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2757,SUSE-SLE-Product-SLES-15-2021-2757,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2757,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2757,SUSE-SLE-Product-SLES_SAP-15-2021-2757,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2757,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2757,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2757,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2757,SUSE-Storage-6-2021-2757", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2021_2757-1.json" }, { "category": "self", "summary": "URL for SUSE-RU-2021:2757-1", "url": "https://www.suse.com/support/update/announcement//suse-ru-20212757-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-RU-2021:2757-1", "url": "https://lists.suse.com/pipermail/sle-updates/2021-August/019872.html" }, { "category": "self", "summary": "SUSE Bug 1188891", "url": "https://bugzilla.suse.com/1188891" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14166 page", "url": "https://www.suse.com/security/cve/CVE-2017-14166/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14501 page", "url": "https://www.suse.com/security/cve/CVE-2017-14501/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14502 page", "url": "https://www.suse.com/security/cve/CVE-2017-14502/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14503 page", "url": "https://www.suse.com/security/cve/CVE-2017-14503/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-18408 page", "url": "https://www.suse.com/security/cve/CVE-2019-18408/" } ], "title": "Recommended update for libarchive", "tracking": { "current_release_date": "2021-08-17T11:47:07Z", "generator": { "date": "2021-08-17T11:47:07Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-RU-2021:2757-1", "initial_release_date": "2021-08-17T11:47:07Z", "revision_history": [ { "date": "2021-08-17T11:47:07Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "bsdtar-3.3.3-3.14.1.aarch64", "product": { "name": "bsdtar-3.3.3-3.14.1.aarch64", "product_id": "bsdtar-3.3.3-3.14.1.aarch64" } }, { "category": "product_version", "name": "libarchive-devel-3.3.3-3.14.1.aarch64", "product": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64", "product_id": "libarchive-devel-3.3.3-3.14.1.aarch64" } }, { "category": "product_version", "name": "libarchive13-3.3.3-3.14.1.aarch64", "product": { "name": "libarchive13-3.3.3-3.14.1.aarch64", "product_id": "libarchive13-3.3.3-3.14.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libarchive13-64bit-3.3.3-3.14.1.aarch64_ilp32", "product": { "name": "libarchive13-64bit-3.3.3-3.14.1.aarch64_ilp32", "product_id": "libarchive13-64bit-3.3.3-3.14.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.3.3-3.14.1.i586", "product": { "name": "bsdtar-3.3.3-3.14.1.i586", "product_id": "bsdtar-3.3.3-3.14.1.i586" } }, { "category": "product_version", "name": "libarchive-devel-3.3.3-3.14.1.i586", "product": { "name": "libarchive-devel-3.3.3-3.14.1.i586", "product_id": "libarchive-devel-3.3.3-3.14.1.i586" } }, { "category": "product_version", "name": "libarchive13-3.3.3-3.14.1.i586", "product": { "name": "libarchive13-3.3.3-3.14.1.i586", "product_id": "libarchive13-3.3.3-3.14.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.3.3-3.14.1.ppc64le", "product": { "name": "bsdtar-3.3.3-3.14.1.ppc64le", "product_id": "bsdtar-3.3.3-3.14.1.ppc64le" } }, { "category": "product_version", "name": "libarchive-devel-3.3.3-3.14.1.ppc64le", "product": { "name": "libarchive-devel-3.3.3-3.14.1.ppc64le", "product_id": "libarchive-devel-3.3.3-3.14.1.ppc64le" } }, { "category": "product_version", "name": "libarchive13-3.3.3-3.14.1.ppc64le", "product": { "name": "libarchive13-3.3.3-3.14.1.ppc64le", "product_id": "libarchive13-3.3.3-3.14.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.3.3-3.14.1.s390x", "product": { "name": "bsdtar-3.3.3-3.14.1.s390x", "product_id": "bsdtar-3.3.3-3.14.1.s390x" } }, { "category": "product_version", "name": "libarchive-devel-3.3.3-3.14.1.s390x", "product": { "name": "libarchive-devel-3.3.3-3.14.1.s390x", "product_id": "libarchive-devel-3.3.3-3.14.1.s390x" } }, { "category": "product_version", "name": "libarchive13-3.3.3-3.14.1.s390x", "product": { "name": "libarchive13-3.3.3-3.14.1.s390x", "product_id": "libarchive13-3.3.3-3.14.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.3.3-3.14.1.x86_64", "product": { "name": "bsdtar-3.3.3-3.14.1.x86_64", "product_id": "bsdtar-3.3.3-3.14.1.x86_64" } }, { "category": "product_version", "name": "libarchive-devel-3.3.3-3.14.1.x86_64", "product": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64", "product_id": "libarchive-devel-3.3.3-3.14.1.x86_64" } }, { "category": "product_version", "name": "libarchive13-3.3.3-3.14.1.x86_64", "product": { "name": "libarchive13-3.3.3-3.14.1.x86_64", "product_id": "libarchive13-3.3.3-3.14.1.x86_64" } }, { "category": "product_version", "name": "libarchive13-32bit-3.3.3-3.14.1.x86_64", "product": { "name": "libarchive13-32bit-3.3.3-3.14.1.x86_64", "product_id": "libarchive13-32bit-3.3.3-3.14.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP1-BCL", "product": { "name": "SUSE Linux Enterprise Server 15 SP1-BCL", "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_bcl:15:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP1-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp1" } } }, { "category": "product_name", "name": "SUSE Manager Proxy 4.0", "product": { "name": "SUSE Manager Proxy 4.0", "product_id": "SUSE Manager Proxy 4.0", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-proxy:4.0" } } }, { "category": "product_name", "name": "SUSE Manager Retail Branch Server 4.0", "product": { "name": "SUSE Manager Retail Branch Server 4.0", "product_id": "SUSE Manager Retail Branch Server 4.0", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0" } } }, { "category": "product_name", "name": "SUSE Manager Server 4.0", "product": { "name": "SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-server:4.0" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 6", "product": { "name": "SUSE Enterprise Storage 6", "product_id": "SUSE Enterprise Storage 6", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64" }, "product_reference": "bsdtar-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive13-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64" }, "product_reference": "bsdtar-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive13-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64" }, "product_reference": "bsdtar-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive13-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64" }, "product_reference": "bsdtar-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive13-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64" }, "product_reference": "bsdtar-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le" }, "product_reference": "bsdtar-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x" }, "product_reference": "bsdtar-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive13-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive13-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x" }, "product_reference": "libarchive13-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", "product_id": "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64" }, "product_reference": "bsdtar-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le" }, "product_reference": "bsdtar-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x" }, "product_reference": "bsdtar-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive13-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive13-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x" }, "product_reference": "libarchive13-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le" }, "product_reference": "bsdtar-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive13-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le" }, "product_reference": "bsdtar-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive13-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Manager Proxy 4.0", "product_id": "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Manager Proxy 4.0", "product_id": "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Manager Proxy 4.0", "product_id": "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0", "product_id": "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0", "product_id": "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0", "product_id": "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.ppc64le as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le" }, "product_reference": "bsdtar-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.s390x as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x" }, "product_reference": "bsdtar-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.ppc64le as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.s390x as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.ppc64le as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le" }, "product_reference": "libarchive13-3.3.3-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.s390x as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x" }, "product_reference": "libarchive13-3.3.3-3.14.1.s390x", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Manager Server 4.0", "product_id": "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Manager Server 4.0" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.aarch64 as component of SUSE Enterprise Storage 6", "product_id": "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64" }, "product_reference": "bsdtar-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Enterprise Storage 6" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.3.3-3.14.1.x86_64 as component of SUSE Enterprise Storage 6", "product_id": "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64" }, "product_reference": "bsdtar-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 6" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.aarch64 as component of SUSE Enterprise Storage 6", "product_id": "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Enterprise Storage 6" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.3.3-3.14.1.x86_64 as component of SUSE Enterprise Storage 6", "product_id": "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive-devel-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 6" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.aarch64 as component of SUSE Enterprise Storage 6", "product_id": "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64" }, "product_reference": "libarchive13-3.3.3-3.14.1.aarch64", "relates_to_product_reference": "SUSE Enterprise Storage 6" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.3.3-3.14.1.x86_64 as component of SUSE Enterprise Storage 6", "product_id": "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64" }, "product_reference": "libarchive13-3.3.3-3.14.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 6" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-14166", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14166" } ], "notes": [ { "category": "general", "text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14166", "url": "https://www.suse.com/security/cve/CVE-2017-14166" }, { "category": "external", "summary": "SUSE Bug 1057514 for CVE-2017-14166", "url": "https://bugzilla.suse.com/1057514" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-08-17T11:47:07Z", "details": "moderate" } ], "title": "CVE-2017-14166" }, { "cve": "CVE-2017-14501", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14501" } ], "notes": [ { "category": "general", "text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14501", "url": "https://www.suse.com/security/cve/CVE-2017-14501" }, { "category": "external", "summary": "SUSE Bug 1059139 for CVE-2017-14501", "url": "https://bugzilla.suse.com/1059139" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-08-17T11:47:07Z", "details": "low" } ], "title": "CVE-2017-14501" }, { "cve": "CVE-2017-14502", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14502" } ], "notes": [ { "category": "general", "text": "read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14502", "url": "https://www.suse.com/security/cve/CVE-2017-14502" }, { "category": "external", "summary": "SUSE Bug 1059134 for CVE-2017-14502", "url": "https://bugzilla.suse.com/1059134" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-08-17T11:47:07Z", "details": "moderate" } ], "title": "CVE-2017-14502" }, { "cve": "CVE-2017-14503", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14503" } ], "notes": [ { "category": "general", "text": "libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14503", "url": "https://www.suse.com/security/cve/CVE-2017-14503" }, { "category": "external", "summary": "SUSE Bug 1059100 for CVE-2017-14503", "url": "https://bugzilla.suse.com/1059100" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-08-17T11:47:07Z", "details": "moderate" } ], "title": "CVE-2017-14503" }, { "cve": "CVE-2019-18408", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-18408" } ], "notes": [ { "category": "general", "text": "archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-18408", "url": "https://www.suse.com/security/cve/CVE-2019-18408" }, { "category": "external", "summary": "SUSE Bug 1155079 for CVE-2019-18408", "url": "https://bugzilla.suse.com/1155079" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1.x86_64", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.ppc64le", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.s390x", "SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-08-17T11:47:07Z", "details": "moderate" } ], "title": "CVE-2019-18408" } ] }
wid-sec-w-2023-1086
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "libarchive ist eine C Bibliothek und ein Komandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter Angreifer kann eine Schwachstelle in libarchive ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1086 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2023-1086.json" }, { "category": "self", "summary": "WID-SEC-2023-1086 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1086" }, { "category": "external", "summary": "IBM Security Bulletin 6986323 vom 2023-04-26", "url": "https://www.ibm.com/support/pages/node/6986323" }, { "category": "external", "summary": "Gentoo Blog vom 2017-09-06", "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3736-1 vom 2018-08-14", "url": "http://www.ubuntu.com/usn/usn-3736-1" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2018-20C24949C0 vom 2018-10-24", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c24949c0" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3640-1 vom 2018-11-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183640-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3640-2 vom 2018-12-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-4360 vom 2018-12-27", "url": "https://www.debian.org/security/2018/dsa-4360" }, { "category": "external", "summary": "GENTOO Security Advisory GLSA201908-11 vom 2019-08-15", "url": "https://security.gentoo.org/glsa/201908-11" } ], "source_lang": "en-US", "title": "libarchive: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2023-04-26T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:50:02.977+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-1086", "initial_release_date": "2017-09-06T22:00:00.000+00:00", "revision_history": [ { "date": "2017-09-06T22:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2017-09-06T22:00:00.000+00:00", "number": "2", "summary": "Version nicht vorhanden" }, { "date": "2018-08-13T22:00:00.000+00:00", "number": "3", "summary": "New remediations available" }, { "date": "2018-10-23T22:00:00.000+00:00", "number": "4", "summary": "New remediations available" }, { "date": "2018-11-07T23:00:00.000+00:00", "number": "5", "summary": "New remediations available" }, { "date": "2018-12-09T23:00:00.000+00:00", "number": "6", "summary": "New remediations available" }, { "date": "2018-12-27T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2019-08-15T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von GENTOO aufgenommen" }, { "date": "2023-04-26T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "9" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "IBM MQ", "product": { "name": "IBM MQ", "product_id": "T021398", "product_identification_helper": { "cpe": "cpe:/a:ibm:mq:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Open Source libarchive", "product": { "name": "Open Source libarchive", "product_id": "T004933", "product_identification_helper": { "cpe": "cpe:/a:libarchive:libarchive:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-14166", "notes": [ { "category": "description", "text": "Es existiert eine Heap basierte Puffer\u00fcberlauf-Schwachstelle in libarchive. Ein Angreifer kann diese ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Dazu muss ein Benutzer eine manipulierte Archivdatei \u00f6ffnen." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T004933", "T012167", "T021398" ] }, "release_date": "2017-09-06T22:00:00.000+00:00", "title": "CVE-2017-14166" } ] }
WID-SEC-W-2023-1086
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "libarchive ist eine C Bibliothek und ein Komandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter Angreifer kann eine Schwachstelle in libarchive ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1086 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2023-1086.json" }, { "category": "self", "summary": "WID-SEC-2023-1086 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1086" }, { "category": "external", "summary": "IBM Security Bulletin 6986323 vom 2023-04-26", "url": "https://www.ibm.com/support/pages/node/6986323" }, { "category": "external", "summary": "Gentoo Blog vom 2017-09-06", "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3736-1 vom 2018-08-14", "url": "http://www.ubuntu.com/usn/usn-3736-1" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2018-20C24949C0 vom 2018-10-24", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c24949c0" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3640-1 vom 2018-11-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183640-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3640-2 vom 2018-12-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-4360 vom 2018-12-27", "url": "https://www.debian.org/security/2018/dsa-4360" }, { "category": "external", "summary": "GENTOO Security Advisory GLSA201908-11 vom 2019-08-15", "url": "https://security.gentoo.org/glsa/201908-11" } ], "source_lang": "en-US", "title": "libarchive: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2023-04-26T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:50:02.977+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-1086", "initial_release_date": "2017-09-06T22:00:00.000+00:00", "revision_history": [ { "date": "2017-09-06T22:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2017-09-06T22:00:00.000+00:00", "number": "2", "summary": "Version nicht vorhanden" }, { "date": "2018-08-13T22:00:00.000+00:00", "number": "3", "summary": "New remediations available" }, { "date": "2018-10-23T22:00:00.000+00:00", "number": "4", "summary": "New remediations available" }, { "date": "2018-11-07T23:00:00.000+00:00", "number": "5", "summary": "New remediations available" }, { "date": "2018-12-09T23:00:00.000+00:00", "number": "6", "summary": "New remediations available" }, { "date": "2018-12-27T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2019-08-15T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von GENTOO aufgenommen" }, { "date": "2023-04-26T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "9" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "IBM MQ", "product": { "name": "IBM MQ", "product_id": "T021398", "product_identification_helper": { "cpe": "cpe:/a:ibm:mq:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Open Source libarchive", "product": { "name": "Open Source libarchive", "product_id": "T004933", "product_identification_helper": { "cpe": "cpe:/a:libarchive:libarchive:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-14166", "notes": [ { "category": "description", "text": "Es existiert eine Heap basierte Puffer\u00fcberlauf-Schwachstelle in libarchive. Ein Angreifer kann diese ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Dazu muss ein Benutzer eine manipulierte Archivdatei \u00f6ffnen." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T004933", "T012167", "T021398" ] }, "release_date": "2017-09-06T22:00:00.000+00:00", "title": "CVE-2017-14166" } ] }
ghsa-2j9p-6c4h-8967
Vulnerability from github
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
{ "affected": [], "aliases": [ "CVE-2017-14166" ], "database_specific": { "cwe_ids": [ "CWE-125" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-09-06T18:29:00Z", "severity": "MODERATE" }, "details": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "id": "GHSA-2j9p-6c4h-8967", "modified": "2025-04-20T03:44:20Z", "published": "2022-05-14T00:54:10Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166" }, { "type": "WEB", "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201908-11" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3736-1" }, { "type": "WEB", "url": "https://www.debian.org/security/2018/dsa-4360" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
cnvd-2017-31745
Vulnerability from cnvd
Title: libarchive xml_data拒绝服务漏洞
Description:
libarchive是一个多格式存档和压缩库。
libarchive 3.3.2版本中的xml_data存在安全漏洞。远程攻击者可借助特制的xar归档利用该漏洞造成拒绝服务(基于堆的缓冲区越边界读取和应用程序崩溃)。
Severity: 中
Patch Name: libarchive xml_data拒绝服务漏洞的补丁
Patch Description:
libarchive是一个多格式存档和压缩库。
libarchive 3.3.2版本中的xml_data存在安全漏洞。远程攻击者可借助特制的xar归档利用该漏洞造成拒绝服务(基于堆的缓冲区越边界读取和应用程序崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14166
Name | libarchive libarchive 3.3.2 |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2017-14166" } }, "description": "libarchive\u662f\u4e00\u4e2a\u591a\u683c\u5f0f\u5b58\u6863\u548c\u538b\u7f29\u5e93\u3002\r\n\r\nlibarchive 3.3.2\u7248\u672c\u4e2d\u7684xml_data\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684xar\u5f52\u6863\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u8d8a\u8fb9\u754c\u8bfb\u53d6\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002", "discovererName": "Agostino Sarubbo of Gentoo", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2017-31745", "openTime": "2017-10-27", "patchDescription": "libarchive\u662f\u4e00\u4e2a\u591a\u683c\u5f0f\u5b58\u6863\u548c\u538b\u7f29\u5e93\u3002\r\n\r\nlibarchive 3.3.2\u7248\u672c\u4e2d\u7684xml_data\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684xar\u5f52\u6863\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u8d8a\u8fb9\u754c\u8bfb\u53d6\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "libarchive xml_data\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "libarchive libarchive 3.3.2" }, "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-14166", "serverity": "\u4e2d", "submitTime": "2017-09-07", "title": "libarchive xml_data\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e" }
fkie_cve-2017-14166
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
libarchive | libarchive | 3.3.2 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libarchive:libarchive:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FF21B2-41AD-446B-9EE5-184F573973E7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c." }, { "lang": "es", "value": "libarchive 3.3.2 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en mont\u00edculos xml_data y fallo de aplicaci\u00f3n) mediante un archivo xar manipulado. Esto est\u00e1 relacionado con la mala gesti\u00f3n de strings vac\u00edos en la funci\u00f3n atol8 en archive_read_support_format_xar.c." } ], "id": "CVE-2017-14166", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-06T18:29:00.273", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201908-11" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3736-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201908-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3736-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4360" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
gsd-2017-14166
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-14166", "description": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "id": "GSD-2017-14166", "references": [ "https://www.suse.com/security/cve/CVE-2017-14166.html", "https://www.debian.org/security/2018/dsa-4360", "https://ubuntu.com/security/CVE-2017-14166", "https://advisories.mageia.org/CVE-2017-14166.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-14166" ], "details": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "id": "GSD-2017-14166", "modified": "2023-12-13T01:21:12.591710Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "name": "DSA-4360", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4360" }, { "name": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71", "refsource": "MISC", "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "name": "USN-3736-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3736-1/" }, { "name": "GLSA-201908-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-11" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:libarchive:libarchive:3.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14166" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-125" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" }, { "name": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" }, { "name": "USN-3736-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3736-1/" }, { "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" }, { "name": "DSA-4360", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4360" }, { "name": "GLSA-201908-11", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201908-11" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2019-08-15T18:15Z", "publishedDate": "2017-09-06T18:29Z" } } }
opensuse-su-2024:10925-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "bsdtar-3.5.1-1.5 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the bsdtar-3.5.1-1.5 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10925", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10925-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2006-5680 page", "url": "https://www.suse.com/security/cve/CVE-2006-5680/" }, { "category": "self", "summary": "SUSE CVE CVE-2007-3641 page", "url": "https://www.suse.com/security/cve/CVE-2007-3641/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14166 page", "url": "https://www.suse.com/security/cve/CVE-2017-14166/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-14501 page", "url": "https://www.suse.com/security/cve/CVE-2017-14501/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000877 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000877/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000878 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000878/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000879 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000879/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000880 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000880/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-1000019 page", "url": "https://www.suse.com/security/cve/CVE-2019-1000019/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-1000020 page", "url": "https://www.suse.com/security/cve/CVE-2019-1000020/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-18408 page", "url": "https://www.suse.com/security/cve/CVE-2019-18408/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-19221 page", "url": "https://www.suse.com/security/cve/CVE-2019-19221/" } ], "title": "bsdtar-3.5.1-1.5 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10925-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "bsdtar-3.5.1-1.5.aarch64", "product": { "name": "bsdtar-3.5.1-1.5.aarch64", "product_id": "bsdtar-3.5.1-1.5.aarch64" } }, { "category": "product_version", "name": "libarchive-devel-3.5.1-1.5.aarch64", "product": { "name": "libarchive-devel-3.5.1-1.5.aarch64", "product_id": "libarchive-devel-3.5.1-1.5.aarch64" } }, { "category": "product_version", "name": "libarchive13-3.5.1-1.5.aarch64", "product": { "name": "libarchive13-3.5.1-1.5.aarch64", "product_id": "libarchive13-3.5.1-1.5.aarch64" } }, { "category": "product_version", "name": "libarchive13-32bit-3.5.1-1.5.aarch64", "product": { "name": "libarchive13-32bit-3.5.1-1.5.aarch64", "product_id": "libarchive13-32bit-3.5.1-1.5.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.5.1-1.5.ppc64le", "product": { "name": "bsdtar-3.5.1-1.5.ppc64le", "product_id": "bsdtar-3.5.1-1.5.ppc64le" } }, { "category": "product_version", "name": "libarchive-devel-3.5.1-1.5.ppc64le", "product": { "name": "libarchive-devel-3.5.1-1.5.ppc64le", "product_id": "libarchive-devel-3.5.1-1.5.ppc64le" } }, { "category": "product_version", "name": "libarchive13-3.5.1-1.5.ppc64le", "product": { "name": "libarchive13-3.5.1-1.5.ppc64le", "product_id": "libarchive13-3.5.1-1.5.ppc64le" } }, { "category": "product_version", "name": "libarchive13-32bit-3.5.1-1.5.ppc64le", "product": { "name": "libarchive13-32bit-3.5.1-1.5.ppc64le", "product_id": "libarchive13-32bit-3.5.1-1.5.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.5.1-1.5.s390x", "product": { "name": "bsdtar-3.5.1-1.5.s390x", "product_id": "bsdtar-3.5.1-1.5.s390x" } }, { "category": "product_version", "name": "libarchive-devel-3.5.1-1.5.s390x", "product": { "name": "libarchive-devel-3.5.1-1.5.s390x", "product_id": "libarchive-devel-3.5.1-1.5.s390x" } }, { "category": "product_version", "name": "libarchive13-3.5.1-1.5.s390x", "product": { "name": "libarchive13-3.5.1-1.5.s390x", "product_id": "libarchive13-3.5.1-1.5.s390x" } }, { "category": "product_version", "name": "libarchive13-32bit-3.5.1-1.5.s390x", "product": { "name": "libarchive13-32bit-3.5.1-1.5.s390x", "product_id": "libarchive13-32bit-3.5.1-1.5.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.5.1-1.5.x86_64", "product": { "name": "bsdtar-3.5.1-1.5.x86_64", "product_id": "bsdtar-3.5.1-1.5.x86_64" } }, { "category": "product_version", "name": "libarchive-devel-3.5.1-1.5.x86_64", "product": { "name": "libarchive-devel-3.5.1-1.5.x86_64", "product_id": "libarchive-devel-3.5.1-1.5.x86_64" } }, { "category": "product_version", "name": "libarchive13-3.5.1-1.5.x86_64", "product": { "name": "libarchive13-3.5.1-1.5.x86_64", "product_id": "libarchive13-3.5.1-1.5.x86_64" } }, { "category": "product_version", "name": "libarchive13-32bit-3.5.1-1.5.x86_64", "product": { "name": "libarchive13-32bit-3.5.1-1.5.x86_64", "product_id": "libarchive13-32bit-3.5.1-1.5.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64" }, "product_reference": "bsdtar-3.5.1-1.5.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le" }, "product_reference": "bsdtar-3.5.1-1.5.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.5.1-1.5.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x" }, "product_reference": "bsdtar-3.5.1-1.5.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64" }, "product_reference": "bsdtar-3.5.1-1.5.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64" }, "product_reference": "libarchive-devel-3.5.1-1.5.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le" }, "product_reference": "libarchive-devel-3.5.1-1.5.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.5.1-1.5.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x" }, "product_reference": "libarchive-devel-3.5.1-1.5.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64" }, "product_reference": "libarchive-devel-3.5.1-1.5.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64" }, "product_reference": "libarchive13-3.5.1-1.5.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le" }, "product_reference": "libarchive13-3.5.1-1.5.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.5.1-1.5.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x" }, "product_reference": "libarchive13-3.5.1-1.5.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64" }, "product_reference": "libarchive13-3.5.1-1.5.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64" }, "product_reference": "libarchive13-32bit-3.5.1-1.5.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le" }, "product_reference": "libarchive13-32bit-3.5.1-1.5.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.5.1-1.5.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x" }, "product_reference": "libarchive13-32bit-3.5.1-1.5.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" }, "product_reference": "libarchive13-32bit-3.5.1-1.5.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2006-5680", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2006-5680" } ], "notes": [ { "category": "general", "text": "The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2006-5680", "url": "https://www.suse.com/security/cve/CVE-2006-5680" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2006-5680" }, { "cve": "CVE-2007-3641", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2007-3641" } ], "notes": [ { "category": "general", "text": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2007-3641", "url": "https://www.suse.com/security/cve/CVE-2007-3641" }, { "category": "external", "summary": "SUSE Bug 291358 for CVE-2007-3641", "url": "https://bugzilla.suse.com/291358" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2007-3641" }, { "cve": "CVE-2017-14166", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14166" } ], "notes": [ { "category": "general", "text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14166", "url": "https://www.suse.com/security/cve/CVE-2017-14166" }, { "category": "external", "summary": "SUSE Bug 1057514 for CVE-2017-14166", "url": "https://bugzilla.suse.com/1057514" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2017-14166" }, { "cve": "CVE-2017-14501", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-14501" } ], "notes": [ { "category": "general", "text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-14501", "url": "https://www.suse.com/security/cve/CVE-2017-14501" }, { "category": "external", "summary": "SUSE Bug 1059139 for CVE-2017-14501", "url": "https://bugzilla.suse.com/1059139" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2017-14501" }, { "cve": "CVE-2018-1000877", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000877" } ], "notes": [ { "category": "general", "text": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar-\u003elzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000877", "url": "https://www.suse.com/security/cve/CVE-2018-1000877" }, { "category": "external", "summary": "SUSE Bug 1120653 for CVE-2018-1000877", "url": "https://bugzilla.suse.com/1120653" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-1000877" }, { "cve": "CVE-2018-1000878", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000878" } ], "notes": [ { "category": "general", "text": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000878", "url": "https://www.suse.com/security/cve/CVE-2018-1000878" }, { "category": "external", "summary": "SUSE Bug 1120654 for CVE-2018-1000878", "url": "https://bugzilla.suse.com/1120654" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-1000878" }, { "cve": "CVE-2018-1000879", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000879" } ], "notes": [ { "category": "general", "text": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000879", "url": "https://www.suse.com/security/cve/CVE-2018-1000879" }, { "category": "external", "summary": "SUSE Bug 1120656 for CVE-2018-1000879", "url": "https://bugzilla.suse.com/1120656" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2018-1000879" }, { "cve": "CVE-2018-1000880", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000880" } ], "notes": [ { "category": "general", "text": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000880", "url": "https://www.suse.com/security/cve/CVE-2018-1000880" }, { "category": "external", "summary": "SUSE Bug 1120659 for CVE-2018-1000880", "url": "https://bugzilla.suse.com/1120659" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-1000880" }, { "cve": "CVE-2019-1000019", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-1000019" } ], "notes": [ { "category": "general", "text": "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-1000019", "url": "https://www.suse.com/security/cve/CVE-2019-1000019" }, { "category": "external", "summary": "SUSE Bug 1124341 for CVE-2019-1000019", "url": "https://bugzilla.suse.com/1124341" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2019-1000019" }, { "cve": "CVE-2019-1000020", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-1000020" } ], "notes": [ { "category": "general", "text": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-1000020", "url": "https://www.suse.com/security/cve/CVE-2019-1000020" }, { "category": "external", "summary": "SUSE Bug 1124342 for CVE-2019-1000020", "url": "https://bugzilla.suse.com/1124342" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2019-1000020" }, { "cve": "CVE-2019-18408", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-18408" } ], "notes": [ { "category": "general", "text": "archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-18408", "url": "https://www.suse.com/security/cve/CVE-2019-18408" }, { "category": "external", "summary": "SUSE Bug 1155079 for CVE-2019-18408", "url": "https://bugzilla.suse.com/1155079" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2019-18408" }, { "cve": "CVE-2019-19221", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-19221" } ], "notes": [ { "category": "general", "text": "In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-19221", "url": "https://www.suse.com/security/cve/CVE-2019-19221" }, { "category": "external", "summary": "SUSE Bug 1157569 for CVE-2019-19221", "url": "https://bugzilla.suse.com/1157569" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x", "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2019-19221" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.