CVE-2016-4301 (GCVE-0-2016-4301)
Vulnerability from cvelistv5
Published
2016-09-21 14:00
Modified
2024-08-06 00:25
CWE
- n/a
Summary
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:25:14.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91328" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/libarchive/libarchive/issues/715" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintel.com/reports/TALOS-2016-0153/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "name": "GLSA-201701-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "91328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91328" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/libarchive/libarchive/issues/715" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintel.com/reports/TALOS-2016-0153/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "name": "GLSA-201701-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-4301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "91328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91328" }, { "name": "https://github.com/libarchive/libarchive/issues/715", "refsource": "CONFIRM", "url": "https://github.com/libarchive/libarchive/issues/715" }, { "name": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html", "refsource": "MISC", "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "name": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77", "refsource": "CONFIRM", "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "name": "http://www.talosintel.com/reports/TALOS-2016-0153/", "refsource": "MISC", "url": "http://www.talosintel.com/reports/TALOS-2016-0153/" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "name": "GLSA-201701-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-4301", "datePublished": "2016-09-21T14:00:00", "dateReserved": "2016-04-27T00:00:00", "dateUpdated": "2024-08-06T00:25:14.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": 
"{\"cve\":{\"id\":\"CVE-2016-4301\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2016-09-21T14:25:03.377\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n parse_device en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo mtree manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configuration
s\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.0\",\"matchCriteriaId\":\"6A6EFED3-4FD3-413D-85C2-73F746F346E8\"}]}]}],\"references\":[{\"url\":\"http://blog.talosintel.com/2016/06/the-poisoned-archives.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/91328\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.talosintel.com/reports/TALOS-2016-0153/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1348441\",\"source\":\"cret@cert.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77\",\"source\":\"cret@cert.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/libarchive/libarchive/issues/715\",\"source\":\"cret@cert.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-03\",\"source\":\"cret@cert.org\"},{\"url\":\"http://blog.talosintel.com/2016/06/the-poisoned-archives.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/91328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.talosintel.com/reports/TALOS-2016-0153/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party 
Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1348441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/libarchive/libarchive/issues/715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
suse-su-2016:1909-1
Vulnerability from csaf_suse
Published
2016-07-29 08:20
Modified
2016-07-29 08:20
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
libarchive was updated to fix 20 security issues.
These security issues were fixed:
- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).
- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).
- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).
- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).
- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).
- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).
- CVE-2015-8929: Memory leak in tar parser (bsc#985669).
- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).
- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).
- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).
- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).
- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).
- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).
- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).
- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).
- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libarchive", "title": "Title of the patch" }, { "category": "description", "text": "libarchive was updated to fix 20 security issues.\n\nThese security issues were fixed:\n- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).\n- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).\n- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).\n- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).\n- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).\n- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).\n- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).\n- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).\n- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).\n- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).\n- CVE-2015-8929: Memory leak in tar parser (bsc#985669).\n- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).\n- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).\n- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).\n- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).\n- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).\n- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).\n- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).\n- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).\n- CVE-2016-4809: 
Memory allocate error with symbolic links in cpio archives (bsc#984990).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1909-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:1909-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161909-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:1909-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-July/002169.html" }, { "category": "self", "summary": "SUSE Bug 984990", "url": "https://bugzilla.suse.com/984990" }, { "category": "self", "summary": "SUSE Bug 985609", "url": "https://bugzilla.suse.com/985609" }, { "category": "self", "summary": "SUSE Bug 985665", "url": "https://bugzilla.suse.com/985665" }, { "category": "self", "summary": "SUSE Bug 985669", "url": "https://bugzilla.suse.com/985669" }, { "category": "self", "summary": "SUSE Bug 985673", "url": "https://bugzilla.suse.com/985673" }, { "category": "self", "summary": "SUSE Bug 985675", "url": "https://bugzilla.suse.com/985675" }, { "category": "self", "summary": "SUSE Bug 985679", "url": "https://bugzilla.suse.com/985679" }, { "category": "self", "summary": "SUSE Bug 985682", "url": "https://bugzilla.suse.com/985682" }, { 
"category": "self", "summary": "SUSE Bug 985685", "url": "https://bugzilla.suse.com/985685" }, { "category": "self", "summary": "SUSE Bug 985688", "url": "https://bugzilla.suse.com/985688" }, { "category": "self", "summary": "SUSE Bug 985689", "url": "https://bugzilla.suse.com/985689" }, { "category": "self", "summary": "SUSE Bug 985697", "url": "https://bugzilla.suse.com/985697" }, { "category": "self", "summary": "SUSE Bug 985698", "url": "https://bugzilla.suse.com/985698" }, { "category": "self", "summary": "SUSE Bug 985700", "url": "https://bugzilla.suse.com/985700" }, { "category": "self", "summary": "SUSE Bug 985703", "url": "https://bugzilla.suse.com/985703" }, { "category": "self", "summary": "SUSE Bug 985704", "url": "https://bugzilla.suse.com/985704" }, { "category": "self", "summary": "SUSE Bug 985706", "url": "https://bugzilla.suse.com/985706" }, { "category": "self", "summary": "SUSE Bug 985826", "url": "https://bugzilla.suse.com/985826" }, { "category": "self", "summary": "SUSE Bug 985832", "url": "https://bugzilla.suse.com/985832" }, { "category": "self", "summary": "SUSE Bug 985835", "url": "https://bugzilla.suse.com/985835" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8918 page", "url": "https://www.suse.com/security/cve/CVE-2015-8918/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8919 page", "url": "https://www.suse.com/security/cve/CVE-2015-8919/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8920 page", "url": "https://www.suse.com/security/cve/CVE-2015-8920/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8921 page", "url": "https://www.suse.com/security/cve/CVE-2015-8921/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8922 page", "url": "https://www.suse.com/security/cve/CVE-2015-8922/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8923 page", "url": "https://www.suse.com/security/cve/CVE-2015-8923/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8924 page", "url": 
"https://www.suse.com/security/cve/CVE-2015-8924/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8925 page", "url": "https://www.suse.com/security/cve/CVE-2015-8925/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8926 page", "url": "https://www.suse.com/security/cve/CVE-2015-8926/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8928 page", "url": "https://www.suse.com/security/cve/CVE-2015-8928/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8929 page", "url": "https://www.suse.com/security/cve/CVE-2015-8929/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8930 page", "url": "https://www.suse.com/security/cve/CVE-2015-8930/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8931 page", "url": "https://www.suse.com/security/cve/CVE-2015-8931/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8932 page", "url": "https://www.suse.com/security/cve/CVE-2015-8932/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8933 page", "url": "https://www.suse.com/security/cve/CVE-2015-8933/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8934 page", "url": "https://www.suse.com/security/cve/CVE-2015-8934/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4300 page", "url": "https://www.suse.com/security/cve/CVE-2016-4300/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4301 page", "url": "https://www.suse.com/security/cve/CVE-2016-4301/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4302 page", "url": "https://www.suse.com/security/cve/CVE-2016-4302/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4809 page", "url": "https://www.suse.com/security/cve/CVE-2016-4809/" } ], "title": "Security update for libarchive", "tracking": { "current_release_date": "2016-07-29T08:20:09Z", "generator": { "date": "2016-07-29T08:20:09Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:1909-1", "initial_release_date": "2016-07-29T08:20:09Z", 
"revision_history": [ { "date": "2016-07-29T08:20:09Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-22.1.ppc64le", "product": { "name": "libarchive-devel-3.1.2-22.1.ppc64le", "product_id": "libarchive-devel-3.1.2-22.1.ppc64le" } }, { "category": "product_version", "name": "libarchive13-3.1.2-22.1.ppc64le", "product": { "name": "libarchive13-3.1.2-22.1.ppc64le", "product_id": "libarchive13-3.1.2-22.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libarchive-devel-3.1.2-22.1.s390x", "product": { "name": "libarchive-devel-3.1.2-22.1.s390x", "product_id": "libarchive-devel-3.1.2-22.1.s390x" } }, { "category": "product_version", "name": "libarchive13-3.1.2-22.1.s390x", "product": { "name": "libarchive13-3.1.2-22.1.s390x", "product_id": "libarchive13-3.1.2-22.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libarchive13-3.1.2-22.1.x86_64", "product": { "name": "libarchive13-3.1.2-22.1.x86_64", "product_id": "libarchive13-3.1.2-22.1.x86_64" } }, { "category": "product_version", "name": "libarchive-devel-3.1.2-22.1.x86_64", "product": { "name": "libarchive-devel-3.1.2-22.1.x86_64", "product_id": "libarchive-devel-3.1.2-22.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP1", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP1", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP1", "product_id": "SUSE 
Linux Enterprise Software Development Kit 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP1", "product": { "name": "SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64" }, "product_reference": "libarchive13-3.1.2-22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le" }, "product_reference": "libarchive-devel-3.1.2-22.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x" }, "product_reference": 
"libarchive-devel-3.1.2-22.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" }, "product_reference": "libarchive-devel-3.1.2-22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le" }, "product_reference": "libarchive13-3.1.2-22.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x" }, "product_reference": "libarchive13-3.1.2-22.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64" }, "product_reference": "libarchive13-3.1.2-22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le" }, "product_reference": 
"libarchive13-3.1.2-22.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x" }, "product_reference": "libarchive13-3.1.2-22.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64" }, "product_reference": "libarchive13-3.1.2-22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-8918", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8918" } ], "notes": [ { "category": "general", "text": "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8918", "url": "https://www.suse.com/security/cve/CVE-2015-8918" }, { "category": "external", "summary": "SUSE Bug 985698 for CVE-2015-8918", "url": "https://bugzilla.suse.com/985698" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE 
Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8918" }, { "cve": "CVE-2015-8919", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8919" } ], "notes": [ { "category": "general", "text": "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8919", "url": "https://www.suse.com/security/cve/CVE-2015-8919" }, { "category": "external", "summary": "SUSE Bug 985697 for CVE-2015-8919", "url": "https://bugzilla.suse.com/985697" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 
for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8919" }, { "cve": "CVE-2015-8920", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8920" } ], "notes": [ { "category": "general", "text": "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8920", "url": "https://www.suse.com/security/cve/CVE-2015-8920" }, { "category": "external", "summary": "SUSE Bug 985675 for CVE-2015-8920", "url": "https://bugzilla.suse.com/985675" } ], 
"remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 
12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8920" }, { "cve": "CVE-2015-8921", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8921" } ], "notes": [ { "category": "general", "text": "The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8921", "url": "https://www.suse.com/security/cve/CVE-2015-8921" }, { "category": "external", "summary": "SUSE Bug 985682 for CVE-2015-8921", "url": "https://bugzilla.suse.com/985682" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8921" }, { "cve": "CVE-2015-8922", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8922" } ], "notes": 
[ { "category": "general", "text": "The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8922", "url": "https://www.suse.com/security/cve/CVE-2015-8922" }, { "category": "external", "summary": "SUSE Bug 985685 for CVE-2015-8922", "url": "https://bugzilla.suse.com/985685" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8922" }, { "cve": "CVE-2015-8923", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8923" } ], "notes": [ { "category": "general", "text": "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip 
file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8923", "url": "https://www.suse.com/security/cve/CVE-2015-8923" }, { "category": "external", "summary": "SUSE Bug 985703 for CVE-2015-8923", "url": "https://bugzilla.suse.com/985703" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8923" }, { "cve": "CVE-2015-8924", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8924" } ], "notes": [ { "category": "general", "text": "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 
SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8924", "url": "https://www.suse.com/security/cve/CVE-2015-8924" }, { "category": "external", "summary": "SUSE Bug 985609 for CVE-2015-8924", "url": "https://bugzilla.suse.com/985609" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, 
"baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8924" }, { "cve": "CVE-2015-8925", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8925" } ], "notes": [ { "category": "general", "text": "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8925", "url": "https://www.suse.com/security/cve/CVE-2015-8925" }, { "category": "external", "summary": "SUSE Bug 985706 for CVE-2015-8925", "url": "https://bugzilla.suse.com/985706" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8925" }, { "cve": "CVE-2015-8926", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8926" } ], "notes": [ { "category": "general", "text": "The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 
12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8926", "url": "https://www.suse.com/security/cve/CVE-2015-8926" }, { "category": "external", "summary": "SUSE Bug 985704 for CVE-2015-8926", "url": "https://bugzilla.suse.com/985704" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8926" }, { "cve": "CVE-2015-8928", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8928" } ], "notes": [ { "category": "general", "text": "The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8928", "url": "https://www.suse.com/security/cve/CVE-2015-8928" }, { "category": "external", 
"summary": "SUSE Bug 985679 for CVE-2015-8928", "url": "https://bugzilla.suse.com/985679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development 
Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8928" }, { "cve": "CVE-2015-8929", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8929" } ], "notes": [ { "category": "general", "text": "Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8929", "url": "https://www.suse.com/security/cve/CVE-2015-8929" }, { "category": "external", "summary": "SUSE Bug 985669 for CVE-2015-8929", "url": "https://bugzilla.suse.com/985669" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux 
Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8929" }, { "cve": "CVE-2015-8930", "ids": [ { 
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8930" } ], "notes": [ { "category": "general", "text": "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8930", "url": "https://www.suse.com/security/cve/CVE-2015-8930" }, { "category": "external", "summary": "SUSE Bug 985700 for CVE-2015-8930", "url": "https://bugzilla.suse.com/985700" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8930" }, { "cve": "CVE-2015-8931", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8931" } ], "notes": [ { "category": "general", "text": "Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified 
impact via a crafted mtree file, which triggers undefined behavior.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8931", "url": "https://www.suse.com/security/cve/CVE-2015-8931" }, { "category": "external", "summary": "SUSE Bug 985689 for CVE-2015-8931", "url": "https://bugzilla.suse.com/985689" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux 
Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8931" }, { "cve": "CVE-2015-8932", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8932" } ], "notes": [ { "category": "general", "text": "The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8932", "url": "https://www.suse.com/security/cve/CVE-2015-8932" }, { "category": "external", "summary": "SUSE Bug 985665 for CVE-2015-8932", "url": "https://bugzilla.suse.com/985665" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8932" }, { "cve": "CVE-2015-8933", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8933" } ], "notes": [ { "category": "general", "text": "Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8933", "url": "https://www.suse.com/security/cve/CVE-2015-8933" }, { "category": "external", "summary": "SUSE Bug 985688 for CVE-2015-8933", "url": "https://bugzilla.suse.com/985688" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 
SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8933" }, { "cve": "CVE-2015-8934", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8934" } ], "notes": [ { "category": "general", "text": "The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8934", "url": "https://www.suse.com/security/cve/CVE-2015-8934" }, { "category": "external", "summary": "SUSE Bug 985673 for CVE-2015-8934", "url": "https://bugzilla.suse.com/985673" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2015-8934" }, { "cve": "CVE-2016-4300", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4300" } ], "notes": [ { "category": "general", "text": "Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] 
}, "references": [ { "category": "external", "summary": "CVE-2016-4300", "url": "https://www.suse.com/security/cve/CVE-2016-4300" }, { "category": "external", "summary": "SUSE Bug 985832 for CVE-2016-4300", "url": "https://bugzilla.suse.com/985832" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2016-4300" }, { "cve": "CVE-2016-4301", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4301" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4301", "url": "https://www.suse.com/security/cve/CVE-2016-4301" }, { "category": "external", "summary": "SUSE Bug 985826 for CVE-2016-4301", "url": "https://bugzilla.suse.com/985826" } ], "remediations": [ { 
"category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2016-4301" }, { "cve": "CVE-2016-4302", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4302" } ], "notes": [ { "category": "general", "text": "Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4302", "url": "https://www.suse.com/security/cve/CVE-2016-4302" }, { "category": "external", "summary": "SUSE Bug 985835 for CVE-2016-4302", "url": "https://bugzilla.suse.com/985835" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", 
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "moderate" } ], "title": "CVE-2016-4302" }, { "cve": "CVE-2016-4809", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2016-4809" } ], "notes": [ { "category": "general", "text": "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4809", "url": "https://www.suse.com/security/cve/CVE-2016-4809" }, { "category": "external", "summary": "SUSE Bug 984990 for CVE-2016-4809", "url": "https://bugzilla.suse.com/984990" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-07-29T08:20:09Z", "details": "low" } ], "title": "CVE-2016-4809" } ] }
fkie_cve-2016-4301
Vulnerability from fkie_nvd
Published
2016-09-21 14:25
Modified
2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://blog.talosintel.com/2016/06/the-poisoned-archives.html | Exploit, Third Party Advisory | |
cret@cert.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
cret@cert.org | http://www.securityfocus.com/bid/91328 | ||
cret@cert.org | http://www.talosintel.com/reports/TALOS-2016-0153/ | Exploit, Third Party Advisory | |
cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=1348441 | Issue Tracking | |
cret@cert.org | https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77 | Issue Tracking, Patch | |
cret@cert.org | https://github.com/libarchive/libarchive/issues/715 | Issue Tracking, Patch | |
cret@cert.org | https://security.gentoo.org/glsa/201701-03 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blog.talosintel.com/2016/06/the-poisoned-archives.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91328 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintel.com/reports/TALOS-2016-0153/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1348441 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77 | Issue Tracking, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libarchive/libarchive/issues/715 | Issue Tracking, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-03 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libarchive | libarchive | * (up to and including 3.2.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A6EFED3-4FD3-413D-85C2-73F746F346E8", "versionEndIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n parse_device en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo mtree manipulado." } ], "id": "CVE-2016-4301", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2016-09-21T14:25:03.377", "references": [ { "source": "cret@cert.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/91328" }, { "source": "cret@cert.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.talosintel.com/reports/TALOS-2016-0153/" }, { "source": "cret@cert.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "source": "cret@cert.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "source": "cret@cert.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/libarchive/libarchive/issues/715" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.talosintel.com/reports/TALOS-2016-0153/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/libarchive/libarchive/issues/715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-03" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
opensuse-su-2024:10127-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
bsdtar-3.2.2-2.1 on GA media
Notes
Title of the patch
bsdtar-3.2.2-2.1 on GA media
Description of the patch
These are all security issues fixed in the bsdtar-3.2.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10127
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "bsdtar-3.2.2-2.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the bsdtar-3.2.2-2.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10127", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10127-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2013-0211 page", "url": "https://www.suse.com/security/cve/CVE-2013-0211/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-2304 page", "url": "https://www.suse.com/security/cve/CVE-2015-2304/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8917 page", "url": "https://www.suse.com/security/cve/CVE-2015-8917/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8928 page", "url": "https://www.suse.com/security/cve/CVE-2015-8928/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8933 page", "url": "https://www.suse.com/security/cve/CVE-2015-8933/" }, { 
"category": "self", "summary": "SUSE CVE CVE-2015-8934 page", "url": "https://www.suse.com/security/cve/CVE-2015-8934/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1541 page", "url": "https://www.suse.com/security/cve/CVE-2016-1541/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4300 page", "url": "https://www.suse.com/security/cve/CVE-2016-4300/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4301 page", "url": "https://www.suse.com/security/cve/CVE-2016-4301/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4809 page", "url": "https://www.suse.com/security/cve/CVE-2016-4809/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-5418 page", "url": "https://www.suse.com/security/cve/CVE-2016-5418/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-5844 page", "url": "https://www.suse.com/security/cve/CVE-2016-5844/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-6250 page", "url": "https://www.suse.com/security/cve/CVE-2016-6250/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8687 page", "url": "https://www.suse.com/security/cve/CVE-2016-8687/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8688 page", "url": "https://www.suse.com/security/cve/CVE-2016-8688/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8689 page", "url": "https://www.suse.com/security/cve/CVE-2016-8689/" } ], "title": "bsdtar-3.2.2-2.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10127-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "bsdtar-3.2.2-2.1.aarch64", "product": { "name": 
"bsdtar-3.2.2-2.1.aarch64", "product_id": "bsdtar-3.2.2-2.1.aarch64" } }, { "category": "product_version", "name": "libarchive-devel-3.2.2-2.1.aarch64", "product": { "name": "libarchive-devel-3.2.2-2.1.aarch64", "product_id": "libarchive-devel-3.2.2-2.1.aarch64" } }, { "category": "product_version", "name": "libarchive13-3.2.2-2.1.aarch64", "product": { "name": "libarchive13-3.2.2-2.1.aarch64", "product_id": "libarchive13-3.2.2-2.1.aarch64" } }, { "category": "product_version", "name": "libarchive13-32bit-3.2.2-2.1.aarch64", "product": { "name": "libarchive13-32bit-3.2.2-2.1.aarch64", "product_id": "libarchive13-32bit-3.2.2-2.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.2.2-2.1.ppc64le", "product": { "name": "bsdtar-3.2.2-2.1.ppc64le", "product_id": "bsdtar-3.2.2-2.1.ppc64le" } }, { "category": "product_version", "name": "libarchive-devel-3.2.2-2.1.ppc64le", "product": { "name": "libarchive-devel-3.2.2-2.1.ppc64le", "product_id": "libarchive-devel-3.2.2-2.1.ppc64le" } }, { "category": "product_version", "name": "libarchive13-3.2.2-2.1.ppc64le", "product": { "name": "libarchive13-3.2.2-2.1.ppc64le", "product_id": "libarchive13-3.2.2-2.1.ppc64le" } }, { "category": "product_version", "name": "libarchive13-32bit-3.2.2-2.1.ppc64le", "product": { "name": "libarchive13-32bit-3.2.2-2.1.ppc64le", "product_id": "libarchive13-32bit-3.2.2-2.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.2.2-2.1.s390x", "product": { "name": "bsdtar-3.2.2-2.1.s390x", "product_id": "bsdtar-3.2.2-2.1.s390x" } }, { "category": "product_version", "name": "libarchive-devel-3.2.2-2.1.s390x", "product": { "name": "libarchive-devel-3.2.2-2.1.s390x", "product_id": "libarchive-devel-3.2.2-2.1.s390x" } }, { "category": "product_version", "name": "libarchive13-3.2.2-2.1.s390x", "product": { "name": "libarchive13-3.2.2-2.1.s390x", 
"product_id": "libarchive13-3.2.2-2.1.s390x" } }, { "category": "product_version", "name": "libarchive13-32bit-3.2.2-2.1.s390x", "product": { "name": "libarchive13-32bit-3.2.2-2.1.s390x", "product_id": "libarchive13-32bit-3.2.2-2.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "bsdtar-3.2.2-2.1.x86_64", "product": { "name": "bsdtar-3.2.2-2.1.x86_64", "product_id": "bsdtar-3.2.2-2.1.x86_64" } }, { "category": "product_version", "name": "libarchive-devel-3.2.2-2.1.x86_64", "product": { "name": "libarchive-devel-3.2.2-2.1.x86_64", "product_id": "libarchive-devel-3.2.2-2.1.x86_64" } }, { "category": "product_version", "name": "libarchive13-3.2.2-2.1.x86_64", "product": { "name": "libarchive13-3.2.2-2.1.x86_64", "product_id": "libarchive13-3.2.2-2.1.x86_64" } }, { "category": "product_version", "name": "libarchive13-32bit-3.2.2-2.1.x86_64", "product": { "name": "libarchive13-32bit-3.2.2-2.1.x86_64", "product_id": "libarchive13-32bit-3.2.2-2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.2.2-2.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64" }, "product_reference": "bsdtar-3.2.2-2.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.2.2-2.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le" }, "product_reference": 
"bsdtar-3.2.2-2.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.2.2-2.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x" }, "product_reference": "bsdtar-3.2.2-2.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bsdtar-3.2.2-2.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64" }, "product_reference": "bsdtar-3.2.2-2.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.2.2-2.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64" }, "product_reference": "libarchive-devel-3.2.2-2.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.2.2-2.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le" }, "product_reference": "libarchive-devel-3.2.2-2.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.2.2-2.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x" }, "product_reference": "libarchive-devel-3.2.2-2.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive-devel-3.2.2-2.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64" }, "product_reference": "libarchive-devel-3.2.2-2.1.x86_64", "relates_to_product_reference": "openSUSE 
Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.2.2-2.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64" }, "product_reference": "libarchive13-3.2.2-2.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.2.2-2.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le" }, "product_reference": "libarchive13-3.2.2-2.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.2.2-2.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x" }, "product_reference": "libarchive13-3.2.2-2.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-3.2.2-2.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64" }, "product_reference": "libarchive13-3.2.2-2.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.2.2-2.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64" }, "product_reference": "libarchive13-32bit-3.2.2-2.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.2.2-2.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le" }, "product_reference": "libarchive13-32bit-3.2.2-2.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": 
"default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.2.2-2.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x" }, "product_reference": "libarchive13-32bit-3.2.2-2.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libarchive13-32bit-3.2.2-2.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" }, "product_reference": "libarchive13-32bit-3.2.2-2.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-0211", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-0211" } ], "notes": [ { "category": "general", "text": "Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE 
Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2013-0211", "url": "https://www.suse.com/security/cve/CVE-2013-0211" }, { "category": "external", "summary": "SUSE Bug 800024 for CVE-2013-0211", "url": "https://bugzilla.suse.com/800024" }, { "category": "external", "summary": "SUSE Bug 979005 for CVE-2013-0211", "url": "https://bugzilla.suse.com/979005" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2013-0211" }, { "cve": "CVE-2015-2304", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-2304" } ], "notes": [ { "category": "general", "text": "Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and 
earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-2304", "url": "https://www.suse.com/security/cve/CVE-2015-2304" }, { "category": "external", "summary": "SUSE Bug 920870 for CVE-2015-2304", "url": "https://bugzilla.suse.com/920870" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE 
Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-2304" }, { "cve": "CVE-2015-8917", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8917" } ], "notes": [ { "category": "general", "text": "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8917", "url": "https://www.suse.com/security/cve/CVE-2015-8917" }, { "category": "external", "summary": "SUSE Bug 985691 for 
CVE-2015-8917", "url": "https://bugzilla.suse.com/985691" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE 
Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-8917" }, { "cve": "CVE-2015-8928", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8928" } ], "notes": [ { "category": "general", "text": "The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8928", "url": "https://www.suse.com/security/cve/CVE-2015-8928" }, { "category": "external", "summary": "SUSE Bug 985679 for CVE-2015-8928", "url": "https://bugzilla.suse.com/985679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this 
SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE 
Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-8928" }, { "cve": "CVE-2015-8933", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8933" } ], "notes": [ { "category": "general", "text": "Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8933", "url": "https://www.suse.com/security/cve/CVE-2015-8933" }, { "category": "external", "summary": "SUSE Bug 985688 for CVE-2015-8933", "url": "https://bugzilla.suse.com/985688" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE 
Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } 
], "title": "CVE-2015-8933" }, { "cve": "CVE-2015-8934", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8934" } ], "notes": [ { "category": "general", "text": "The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8934", "url": "https://www.suse.com/security/cve/CVE-2015-8934" }, { "category": "external", "summary": "SUSE Bug 985673 for CVE-2015-8934", "url": "https://bugzilla.suse.com/985673" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE 
Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-8934" }, { "cve": "CVE-2016-1541", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2016-1541" } ], "notes": [ { "category": "general", "text": "Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1541", "url": "https://www.suse.com/security/cve/CVE-2016-1541" }, { "category": "external", "summary": "SUSE Bug 979005 for CVE-2016-1541", "url": "https://bugzilla.suse.com/979005" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE 
Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1541" }, { "cve": "CVE-2016-4300", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4300" } ], "notes": [ { "category": "general", "text": "Integer overflow in the 
read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4300", "url": "https://www.suse.com/security/cve/CVE-2016-4300" }, { "category": "external", "summary": "SUSE Bug 985832 for CVE-2016-4300", "url": "https://bugzilla.suse.com/985832" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE 
Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-4300" }, { "cve": "CVE-2016-4301", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4301" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in 
libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4301", "url": "https://www.suse.com/security/cve/CVE-2016-4301" }, { "category": "external", "summary": "SUSE Bug 985826 for CVE-2016-4301", "url": "https://bugzilla.suse.com/985826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE 
Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-4301" }, { "cve": "CVE-2016-4809", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4809" } ], "notes": [ { "category": "general", "text": "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.", "title": "CVE description" } ], 
"product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4809", "url": "https://www.suse.com/security/cve/CVE-2016-4809" }, { "category": "external", "summary": "SUSE Bug 984990 for CVE-2016-4809", "url": "https://bugzilla.suse.com/984990" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", 
"openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-4809" }, { "cve": "CVE-2016-5418", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-5418" } ], "notes": [ { "category": "general", "text": "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", 
"openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-5418", "url": "https://www.suse.com/security/cve/CVE-2016-5418" }, { "category": "external", "summary": "SUSE Bug 998677 for CVE-2016-5418", "url": "https://bugzilla.suse.com/998677" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", 
"openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-5418" }, { "cve": "CVE-2016-5844", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-5844" } ], "notes": [ { "category": "general", "text": "Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", 
"openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-5844", "url": "https://www.suse.com/security/cve/CVE-2016-5844" }, { "category": "external", "summary": "SUSE Bug 986566 for CVE-2016-5844", "url": "https://bugzilla.suse.com/986566" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, 
"products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-5844" }, { "cve": "CVE-2016-6250", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-6250" } ], "notes": [ { "category": "general", "text": "Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE 
Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-6250", "url": "https://www.suse.com/security/cve/CVE-2016-6250" }, { "category": "external", "summary": "SUSE Bug 989980 for CVE-2016-6250", "url": "https://bugzilla.suse.com/989980" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", 
"openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-6250" }, { "cve": "CVE-2016-8687", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8687" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE 
Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8687", "url": "https://www.suse.com/security/cve/CVE-2016-8687" }, { "category": "external", "summary": "SUSE Bug 1005070 for CVE-2016-8687", "url": "https://bugzilla.suse.com/1005070" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE 
Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-8687" }, { "cve": "CVE-2016-8688", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8688" } ], "notes": [ { "category": "general", "text": "The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", 
"openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8688", "url": "https://www.suse.com/security/cve/CVE-2016-8688" }, { "category": "external", "summary": "SUSE Bug 1005076 for CVE-2016-8688", "url": "https://bugzilla.suse.com/1005076" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", 
"openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8688" }, { "cve": "CVE-2016-8689", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8689" } ], "notes": [ { "category": "general", "text": "The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE 
Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8689", "url": "https://www.suse.com/security/cve/CVE-2016-8689" }, { "category": "external", "summary": "SUSE Bug 1005072 for CVE-2016-8689", "url": "https://bugzilla.suse.com/1005072" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.s390x", "openSUSE Tumbleweed:bsdtar-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive-devel-3.2.2-2.1.s390x", "openSUSE 
Tumbleweed:libarchive-devel-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-3.2.2-2.1.x86_64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.aarch64", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.ppc64le", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.s390x", "openSUSE Tumbleweed:libarchive13-32bit-3.2.2-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8689" } ] }
gsd-2016-4301
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
Aliases
{ "GSD": { "alias": "CVE-2016-4301", "description": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.", "id": "GSD-2016-4301", "references": [ "https://www.suse.com/security/cve/CVE-2016-4301.html", "https://advisories.mageia.org/CVE-2016-4301.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-4301" ], "details": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.", "id": "GSD-2016-4301", "modified": "2023-12-13T01:21:18.514158Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-4301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "91328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91328" }, { "name": "https://github.com/libarchive/libarchive/issues/715", "refsource": "CONFIRM", "url": "https://github.com/libarchive/libarchive/issues/715" }, { "name": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html", "refsource": "MISC", "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "name": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77", "refsource": "CONFIRM", "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "name": "http://www.talosintel.com/reports/TALOS-2016-0153/", "refsource": "MISC", "url": "http://www.talosintel.com/reports/TALOS-2016-0153/" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "name": "GLSA-201701-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-03" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.2.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-4301" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive 
before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "name": "https://github.com/libarchive/libarchive/issues/715", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/libarchive/libarchive/issues/715" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441", "refsource": "CONFIRM", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "name": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "name": "http://www.talosintel.com/reports/TALOS-2016-0153/", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.talosintel.com/reports/TALOS-2016-0153/" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "91328", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/91328" }, { "name": "GLSA-201701-03", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201701-03" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } }, "lastModifiedDate": "2017-07-01T01:29Z", "publishedDate": "2016-09-21T14:25Z" } } }
ghsa-r3m8-9hr7-7xwr
Vulnerability from github
Published
2022-05-17 02:37
Modified
2025-04-12 13:04
Details
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
{ "affected": [], "aliases": [ "CVE-2016-4301" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2016-09-21T14:25:00Z", "severity": "HIGH" }, "details": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.", "id": "GHSA-r3m8-9hr7-7xwr", "modified": "2025-04-12T13:04:25Z", "published": "2022-05-17T02:37:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4301" }, { "type": "WEB", "url": "https://github.com/libarchive/libarchive/issues/715" }, { "type": "WEB", "url": "https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201701-03" }, { "type": "WEB", "url": "http://blog.talosintel.com/2016/06/the-poisoned-archives.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/91328" }, { "type": "WEB", "url": "http://www.talosintel.com/reports/TALOS-2016-0153" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.