SUSE-SU-2016:1909-1
Vulnerability from csaf_suse - Published: 2016-07-29 08:20 - Updated: 2016-07-29 08:20Summary
Security update for libarchive
Severity
Important
Notes
Title of the patch: Security update for libarchive
Description of the patch: libarchive was updated to fix 20 security issues.
These security issues were fixed:
- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).
- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).
- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).
- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).
- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).
- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).
- CVE-2015-8929: Memory leak in tar parser (bsc#985669).
- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).
- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).
- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).
- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).
- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).
- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).
- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).
- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).
- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).
Patchnames: SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "libarchive was updated to fix 20 security issues.\n\nThese security issues were fixed:\n- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).\n- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).\n- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).\n- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).\n- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).\n- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).\n- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).\n- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).\n- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).\n- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).\n- CVE-2015-8929: Memory leak in tar parser (bsc#985669).\n- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).\n- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).\n- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).\n- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).\n- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).\n- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).\n- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).\n- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).\n- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1909-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1909-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161909-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1909-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-July/002169.html"
},
{
"category": "self",
"summary": "SUSE Bug 984990",
"url": "https://bugzilla.suse.com/984990"
},
{
"category": "self",
"summary": "SUSE Bug 985609",
"url": "https://bugzilla.suse.com/985609"
},
{
"category": "self",
"summary": "SUSE Bug 985665",
"url": "https://bugzilla.suse.com/985665"
},
{
"category": "self",
"summary": "SUSE Bug 985669",
"url": "https://bugzilla.suse.com/985669"
},
{
"category": "self",
"summary": "SUSE Bug 985673",
"url": "https://bugzilla.suse.com/985673"
},
{
"category": "self",
"summary": "SUSE Bug 985675",
"url": "https://bugzilla.suse.com/985675"
},
{
"category": "self",
"summary": "SUSE Bug 985679",
"url": "https://bugzilla.suse.com/985679"
},
{
"category": "self",
"summary": "SUSE Bug 985682",
"url": "https://bugzilla.suse.com/985682"
},
{
"category": "self",
"summary": "SUSE Bug 985685",
"url": "https://bugzilla.suse.com/985685"
},
{
"category": "self",
"summary": "SUSE Bug 985688",
"url": "https://bugzilla.suse.com/985688"
},
{
"category": "self",
"summary": "SUSE Bug 985689",
"url": "https://bugzilla.suse.com/985689"
},
{
"category": "self",
"summary": "SUSE Bug 985697",
"url": "https://bugzilla.suse.com/985697"
},
{
"category": "self",
"summary": "SUSE Bug 985698",
"url": "https://bugzilla.suse.com/985698"
},
{
"category": "self",
"summary": "SUSE Bug 985700",
"url": "https://bugzilla.suse.com/985700"
},
{
"category": "self",
"summary": "SUSE Bug 985703",
"url": "https://bugzilla.suse.com/985703"
},
{
"category": "self",
"summary": "SUSE Bug 985704",
"url": "https://bugzilla.suse.com/985704"
},
{
"category": "self",
"summary": "SUSE Bug 985706",
"url": "https://bugzilla.suse.com/985706"
},
{
"category": "self",
"summary": "SUSE Bug 985826",
"url": "https://bugzilla.suse.com/985826"
},
{
"category": "self",
"summary": "SUSE Bug 985832",
"url": "https://bugzilla.suse.com/985832"
},
{
"category": "self",
"summary": "SUSE Bug 985835",
"url": "https://bugzilla.suse.com/985835"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8918 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8919 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8920 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8921 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8922 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8923 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8924 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8925 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8926 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8928 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8929 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8930 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8931 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8932 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8933 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8934 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4300 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4301 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4302 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4809 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4809/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2016-07-29T08:20:09Z",
"generator": {
"date": "2016-07-29T08:20:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1909-1",
"initial_release_date": "2016-07-29T08:20:09Z",
"revision_history": [
{
"date": "2016-07-29T08:20:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libarchive-devel-3.1.2-22.1.ppc64le",
"product": {
"name": "libarchive-devel-3.1.2-22.1.ppc64le",
"product_id": "libarchive-devel-3.1.2-22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.1.2-22.1.ppc64le",
"product": {
"name": "libarchive13-3.1.2-22.1.ppc64le",
"product_id": "libarchive13-3.1.2-22.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-devel-3.1.2-22.1.s390x",
"product": {
"name": "libarchive-devel-3.1.2-22.1.s390x",
"product_id": "libarchive-devel-3.1.2-22.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.1.2-22.1.s390x",
"product": {
"name": "libarchive13-3.1.2-22.1.s390x",
"product_id": "libarchive13-3.1.2-22.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.1.2-22.1.x86_64",
"product": {
"name": "libarchive13-3.1.2-22.1.x86_64",
"product_id": "libarchive13-3.1.2-22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.1.2-22.1.x86_64",
"product": {
"name": "libarchive-devel-3.1.2-22.1.x86_64",
"product_id": "libarchive-devel-3.1.2-22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive13-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le"
},
"product_reference": "libarchive-devel-3.1.2-22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x"
},
"product_reference": "libarchive-devel-3.1.2-22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive-devel-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le"
},
"product_reference": "libarchive13-3.1.2-22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x"
},
"product_reference": "libarchive13-3.1.2-22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive13-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le"
},
"product_reference": "libarchive13-3.1.2-22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x"
},
"product_reference": "libarchive13-3.1.2-22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive13-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8918"
}
],
"notes": [
{
"category": "general",
"text": "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8918",
"url": "https://www.suse.com/security/cve/CVE-2015-8918"
},
{
"category": "external",
"summary": "SUSE Bug 985698 for CVE-2015-8918",
"url": "https://bugzilla.suse.com/985698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8918"
},
{
"cve": "CVE-2015-8919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8919"
}
],
"notes": [
{
"category": "general",
"text": "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8919",
"url": "https://www.suse.com/security/cve/CVE-2015-8919"
},
{
"category": "external",
"summary": "SUSE Bug 985697 for CVE-2015-8919",
"url": "https://bugzilla.suse.com/985697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8919"
},
{
"cve": "CVE-2015-8920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8920"
}
],
"notes": [
{
"category": "general",
"text": "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8920",
"url": "https://www.suse.com/security/cve/CVE-2015-8920"
},
{
"category": "external",
"summary": "SUSE Bug 985675 for CVE-2015-8920",
"url": "https://bugzilla.suse.com/985675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8920"
},
{
"cve": "CVE-2015-8921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8921"
}
],
"notes": [
{
"category": "general",
"text": "The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8921",
"url": "https://www.suse.com/security/cve/CVE-2015-8921"
},
{
"category": "external",
"summary": "SUSE Bug 985682 for CVE-2015-8921",
"url": "https://bugzilla.suse.com/985682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8921"
},
{
"cve": "CVE-2015-8922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8922"
}
],
"notes": [
{
"category": "general",
"text": "The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8922",
"url": "https://www.suse.com/security/cve/CVE-2015-8922"
},
{
"category": "external",
"summary": "SUSE Bug 985685 for CVE-2015-8922",
"url": "https://bugzilla.suse.com/985685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8922"
},
{
"cve": "CVE-2015-8923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8923"
}
],
"notes": [
{
"category": "general",
"text": "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8923",
"url": "https://www.suse.com/security/cve/CVE-2015-8923"
},
{
"category": "external",
"summary": "SUSE Bug 985703 for CVE-2015-8923",
"url": "https://bugzilla.suse.com/985703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8923"
},
{
"cve": "CVE-2015-8924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8924"
}
],
"notes": [
{
"category": "general",
"text": "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8924",
"url": "https://www.suse.com/security/cve/CVE-2015-8924"
},
{
"category": "external",
"summary": "SUSE Bug 985609 for CVE-2015-8924",
"url": "https://bugzilla.suse.com/985609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8924"
},
{
"cve": "CVE-2015-8925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8925"
}
],
"notes": [
{
"category": "general",
"text": "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8925",
"url": "https://www.suse.com/security/cve/CVE-2015-8925"
},
{
"category": "external",
"summary": "SUSE Bug 985706 for CVE-2015-8925",
"url": "https://bugzilla.suse.com/985706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8925"
},
{
"cve": "CVE-2015-8926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8926"
}
],
"notes": [
{
"category": "general",
"text": "The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8926",
"url": "https://www.suse.com/security/cve/CVE-2015-8926"
},
{
"category": "external",
"summary": "SUSE Bug 985704 for CVE-2015-8926",
"url": "https://bugzilla.suse.com/985704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8926"
},
{
"cve": "CVE-2015-8928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8928"
}
],
"notes": [
{
"category": "general",
"text": "The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8928",
"url": "https://www.suse.com/security/cve/CVE-2015-8928"
},
{
"category": "external",
"summary": "SUSE Bug 985679 for CVE-2015-8928",
"url": "https://bugzilla.suse.com/985679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8928"
},
{
"cve": "CVE-2015-8929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8929"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8929",
"url": "https://www.suse.com/security/cve/CVE-2015-8929"
},
{
"category": "external",
"summary": "SUSE Bug 985669 for CVE-2015-8929",
"url": "https://bugzilla.suse.com/985669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8929"
},
{
"cve": "CVE-2015-8930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8930"
}
],
"notes": [
{
"category": "general",
"text": "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8930",
"url": "https://www.suse.com/security/cve/CVE-2015-8930"
},
{
"category": "external",
"summary": "SUSE Bug 985700 for CVE-2015-8930",
"url": "https://bugzilla.suse.com/985700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8930"
},
{
"cve": "CVE-2015-8931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8931"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8931",
"url": "https://www.suse.com/security/cve/CVE-2015-8931"
},
{
"category": "external",
"summary": "SUSE Bug 985689 for CVE-2015-8931",
"url": "https://bugzilla.suse.com/985689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8931"
},
{
"cve": "CVE-2015-8932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8932"
}
],
"notes": [
{
"category": "general",
"text": "The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8932",
"url": "https://www.suse.com/security/cve/CVE-2015-8932"
},
{
"category": "external",
"summary": "SUSE Bug 985665 for CVE-2015-8932",
"url": "https://bugzilla.suse.com/985665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8932"
},
{
"cve": "CVE-2015-8933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8933"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8933",
"url": "https://www.suse.com/security/cve/CVE-2015-8933"
},
{
"category": "external",
"summary": "SUSE Bug 985688 for CVE-2015-8933",
"url": "https://bugzilla.suse.com/985688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8933"
},
{
"cve": "CVE-2015-8934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8934"
}
],
"notes": [
{
"category": "general",
"text": "The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8934",
"url": "https://www.suse.com/security/cve/CVE-2015-8934"
},
{
"category": "external",
"summary": "SUSE Bug 985673 for CVE-2015-8934",
"url": "https://bugzilla.suse.com/985673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8934"
},
{
"cve": "CVE-2016-4300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4300"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4300",
"url": "https://www.suse.com/security/cve/CVE-2016-4300"
},
{
"category": "external",
"summary": "SUSE Bug 985832 for CVE-2016-4300",
"url": "https://bugzilla.suse.com/985832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2016-4300"
},
{
"cve": "CVE-2016-4301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4301"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4301",
"url": "https://www.suse.com/security/cve/CVE-2016-4301"
},
{
"category": "external",
"summary": "SUSE Bug 985826 for CVE-2016-4301",
"url": "https://bugzilla.suse.com/985826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2016-4301"
},
{
"cve": "CVE-2016-4302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4302"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4302",
"url": "https://www.suse.com/security/cve/CVE-2016-4302"
},
{
"category": "external",
"summary": "SUSE Bug 985835 for CVE-2016-4302",
"url": "https://bugzilla.suse.com/985835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2016-4302"
},
{
"cve": "CVE-2016-4809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4809"
}
],
"notes": [
{
"category": "general",
"text": "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4809",
"url": "https://www.suse.com/security/cve/CVE-2016-4809"
},
{
"category": "external",
"summary": "SUSE Bug 984990 for CVE-2016-4809",
"url": "https://bugzilla.suse.com/984990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "low"
}
],
"title": "CVE-2016-4809"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…