suse-su-2016:1909-1
Vulnerability from csaf_suse
Published
2016-07-29 08:20
Modified
2016-07-29 08:20
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
libarchive was updated to fix 20 security issues.
These security issues were fixed:
- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).
- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).
- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).
- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).
- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).
- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).
- CVE-2015-8929: Memory leak in tar parser (bsc#985669).
- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).
- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).
- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).
- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).
- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).
- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).
- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).
- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).
- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "libarchive was updated to fix 20 security issues.\n\nThese security issues were fixed:\n- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).\n- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).\n- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).\n- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).\n- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).\n- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).\n- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).\n- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).\n- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).\n- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).\n- CVE-2015-8929: Memory leak in tar parser (bsc#985669).\n- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).\n- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).\n- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).\n- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).\n- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).\n- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).\n- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).\n- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).\n- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1909-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1909-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161909-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1909-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-July/002169.html"
},
{
"category": "self",
"summary": "SUSE Bug 984990",
"url": "https://bugzilla.suse.com/984990"
},
{
"category": "self",
"summary": "SUSE Bug 985609",
"url": "https://bugzilla.suse.com/985609"
},
{
"category": "self",
"summary": "SUSE Bug 985665",
"url": "https://bugzilla.suse.com/985665"
},
{
"category": "self",
"summary": "SUSE Bug 985669",
"url": "https://bugzilla.suse.com/985669"
},
{
"category": "self",
"summary": "SUSE Bug 985673",
"url": "https://bugzilla.suse.com/985673"
},
{
"category": "self",
"summary": "SUSE Bug 985675",
"url": "https://bugzilla.suse.com/985675"
},
{
"category": "self",
"summary": "SUSE Bug 985679",
"url": "https://bugzilla.suse.com/985679"
},
{
"category": "self",
"summary": "SUSE Bug 985682",
"url": "https://bugzilla.suse.com/985682"
},
{
"category": "self",
"summary": "SUSE Bug 985685",
"url": "https://bugzilla.suse.com/985685"
},
{
"category": "self",
"summary": "SUSE Bug 985688",
"url": "https://bugzilla.suse.com/985688"
},
{
"category": "self",
"summary": "SUSE Bug 985689",
"url": "https://bugzilla.suse.com/985689"
},
{
"category": "self",
"summary": "SUSE Bug 985697",
"url": "https://bugzilla.suse.com/985697"
},
{
"category": "self",
"summary": "SUSE Bug 985698",
"url": "https://bugzilla.suse.com/985698"
},
{
"category": "self",
"summary": "SUSE Bug 985700",
"url": "https://bugzilla.suse.com/985700"
},
{
"category": "self",
"summary": "SUSE Bug 985703",
"url": "https://bugzilla.suse.com/985703"
},
{
"category": "self",
"summary": "SUSE Bug 985704",
"url": "https://bugzilla.suse.com/985704"
},
{
"category": "self",
"summary": "SUSE Bug 985706",
"url": "https://bugzilla.suse.com/985706"
},
{
"category": "self",
"summary": "SUSE Bug 985826",
"url": "https://bugzilla.suse.com/985826"
},
{
"category": "self",
"summary": "SUSE Bug 985832",
"url": "https://bugzilla.suse.com/985832"
},
{
"category": "self",
"summary": "SUSE Bug 985835",
"url": "https://bugzilla.suse.com/985835"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8918 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8919 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8920 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8921 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8922 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8923 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8924 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8925 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8926 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8928 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8929 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8930 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8931 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8932 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8933 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8934 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4300 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4301 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4302 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4809 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4809/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2016-07-29T08:20:09Z",
"generator": {
"date": "2016-07-29T08:20:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1909-1",
"initial_release_date": "2016-07-29T08:20:09Z",
"revision_history": [
{
"date": "2016-07-29T08:20:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libarchive-devel-3.1.2-22.1.ppc64le",
"product": {
"name": "libarchive-devel-3.1.2-22.1.ppc64le",
"product_id": "libarchive-devel-3.1.2-22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.1.2-22.1.ppc64le",
"product": {
"name": "libarchive13-3.1.2-22.1.ppc64le",
"product_id": "libarchive13-3.1.2-22.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-devel-3.1.2-22.1.s390x",
"product": {
"name": "libarchive-devel-3.1.2-22.1.s390x",
"product_id": "libarchive-devel-3.1.2-22.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.1.2-22.1.s390x",
"product": {
"name": "libarchive13-3.1.2-22.1.s390x",
"product_id": "libarchive13-3.1.2-22.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.1.2-22.1.x86_64",
"product": {
"name": "libarchive13-3.1.2-22.1.x86_64",
"product_id": "libarchive13-3.1.2-22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.1.2-22.1.x86_64",
"product": {
"name": "libarchive-devel-3.1.2-22.1.x86_64",
"product_id": "libarchive-devel-3.1.2-22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive13-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le"
},
"product_reference": "libarchive-devel-3.1.2-22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x"
},
"product_reference": "libarchive-devel-3.1.2-22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive-devel-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le"
},
"product_reference": "libarchive13-3.1.2-22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x"
},
"product_reference": "libarchive13-3.1.2-22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive13-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le"
},
"product_reference": "libarchive13-3.1.2-22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x"
},
"product_reference": "libarchive13-3.1.2-22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64"
},
"product_reference": "libarchive13-3.1.2-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8918"
}
],
"notes": [
{
"category": "general",
"text": "The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8918",
"url": "https://www.suse.com/security/cve/CVE-2015-8918"
},
{
"category": "external",
"summary": "SUSE Bug 985698 for CVE-2015-8918",
"url": "https://bugzilla.suse.com/985698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8918"
},
{
"cve": "CVE-2015-8919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8919"
}
],
"notes": [
{
"category": "general",
"text": "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8919",
"url": "https://www.suse.com/security/cve/CVE-2015-8919"
},
{
"category": "external",
"summary": "SUSE Bug 985697 for CVE-2015-8919",
"url": "https://bugzilla.suse.com/985697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8919"
},
{
"cve": "CVE-2015-8920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8920"
}
],
"notes": [
{
"category": "general",
"text": "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8920",
"url": "https://www.suse.com/security/cve/CVE-2015-8920"
},
{
"category": "external",
"summary": "SUSE Bug 985675 for CVE-2015-8920",
"url": "https://bugzilla.suse.com/985675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8920"
},
{
"cve": "CVE-2015-8921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8921"
}
],
"notes": [
{
"category": "general",
"text": "The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8921",
"url": "https://www.suse.com/security/cve/CVE-2015-8921"
},
{
"category": "external",
"summary": "SUSE Bug 985682 for CVE-2015-8921",
"url": "https://bugzilla.suse.com/985682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8921"
},
{
"cve": "CVE-2015-8922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8922"
}
],
"notes": [
{
"category": "general",
"text": "The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8922",
"url": "https://www.suse.com/security/cve/CVE-2015-8922"
},
{
"category": "external",
"summary": "SUSE Bug 985685 for CVE-2015-8922",
"url": "https://bugzilla.suse.com/985685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8922"
},
{
"cve": "CVE-2015-8923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8923"
}
],
"notes": [
{
"category": "general",
"text": "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8923",
"url": "https://www.suse.com/security/cve/CVE-2015-8923"
},
{
"category": "external",
"summary": "SUSE Bug 985703 for CVE-2015-8923",
"url": "https://bugzilla.suse.com/985703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8923"
},
{
"cve": "CVE-2015-8924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8924"
}
],
"notes": [
{
"category": "general",
"text": "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8924",
"url": "https://www.suse.com/security/cve/CVE-2015-8924"
},
{
"category": "external",
"summary": "SUSE Bug 985609 for CVE-2015-8924",
"url": "https://bugzilla.suse.com/985609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8924"
},
{
"cve": "CVE-2015-8925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8925"
}
],
"notes": [
{
"category": "general",
"text": "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8925",
"url": "https://www.suse.com/security/cve/CVE-2015-8925"
},
{
"category": "external",
"summary": "SUSE Bug 985706 for CVE-2015-8925",
"url": "https://bugzilla.suse.com/985706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8925"
},
{
"cve": "CVE-2015-8926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8926"
}
],
"notes": [
{
"category": "general",
"text": "The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8926",
"url": "https://www.suse.com/security/cve/CVE-2015-8926"
},
{
"category": "external",
"summary": "SUSE Bug 985704 for CVE-2015-8926",
"url": "https://bugzilla.suse.com/985704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8926"
},
{
"cve": "CVE-2015-8928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8928"
}
],
"notes": [
{
"category": "general",
"text": "The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8928",
"url": "https://www.suse.com/security/cve/CVE-2015-8928"
},
{
"category": "external",
"summary": "SUSE Bug 985679 for CVE-2015-8928",
"url": "https://bugzilla.suse.com/985679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8928"
},
{
"cve": "CVE-2015-8929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8929"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8929",
"url": "https://www.suse.com/security/cve/CVE-2015-8929"
},
{
"category": "external",
"summary": "SUSE Bug 985669 for CVE-2015-8929",
"url": "https://bugzilla.suse.com/985669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8929"
},
{
"cve": "CVE-2015-8930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8930"
}
],
"notes": [
{
"category": "general",
"text": "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8930",
"url": "https://www.suse.com/security/cve/CVE-2015-8930"
},
{
"category": "external",
"summary": "SUSE Bug 985700 for CVE-2015-8930",
"url": "https://bugzilla.suse.com/985700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8930"
},
{
"cve": "CVE-2015-8931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8931"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8931",
"url": "https://www.suse.com/security/cve/CVE-2015-8931"
},
{
"category": "external",
"summary": "SUSE Bug 985689 for CVE-2015-8931",
"url": "https://bugzilla.suse.com/985689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8931"
},
{
"cve": "CVE-2015-8932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8932"
}
],
"notes": [
{
"category": "general",
"text": "The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8932",
"url": "https://www.suse.com/security/cve/CVE-2015-8932"
},
{
"category": "external",
"summary": "SUSE Bug 985665 for CVE-2015-8932",
"url": "https://bugzilla.suse.com/985665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8932"
},
{
"cve": "CVE-2015-8933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8933"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8933",
"url": "https://www.suse.com/security/cve/CVE-2015-8933"
},
{
"category": "external",
"summary": "SUSE Bug 985688 for CVE-2015-8933",
"url": "https://bugzilla.suse.com/985688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8933"
},
{
"cve": "CVE-2015-8934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8934"
}
],
"notes": [
{
"category": "general",
"text": "The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8934",
"url": "https://www.suse.com/security/cve/CVE-2015-8934"
},
{
"category": "external",
"summary": "SUSE Bug 985673 for CVE-2015-8934",
"url": "https://bugzilla.suse.com/985673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2015-8934"
},
{
"cve": "CVE-2016-4300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4300"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4300",
"url": "https://www.suse.com/security/cve/CVE-2016-4300"
},
{
"category": "external",
"summary": "SUSE Bug 985832 for CVE-2016-4300",
"url": "https://bugzilla.suse.com/985832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2016-4300"
},
{
"cve": "CVE-2016-4301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4301"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4301",
"url": "https://www.suse.com/security/cve/CVE-2016-4301"
},
{
"category": "external",
"summary": "SUSE Bug 985826 for CVE-2016-4301",
"url": "https://bugzilla.suse.com/985826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2016-4301"
},
{
"cve": "CVE-2016-4302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4302"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4302",
"url": "https://www.suse.com/security/cve/CVE-2016-4302"
},
{
"category": "external",
"summary": "SUSE Bug 985835 for CVE-2016-4302",
"url": "https://bugzilla.suse.com/985835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "moderate"
}
],
"title": "CVE-2016-4302"
},
{
"cve": "CVE-2016-4809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4809"
}
],
"notes": [
{
"category": "general",
"text": "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4809",
"url": "https://www.suse.com/security/cve/CVE-2016-4809"
},
{
"category": "external",
"summary": "SUSE Bug 984990 for CVE-2016-4809",
"url": "https://bugzilla.suse.com/984990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-29T08:20:09Z",
"details": "low"
}
],
"title": "CVE-2016-4809"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…