{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for libarchive","title":"Title of the patch"},{"category":"description","text":"libarchive was updated to fix 20 security issues.\n\nThese security issues were fixed:\n- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).\n- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).\n- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).\n- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).\n- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).\n- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).\n- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).\n- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).\n- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).\n- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).\n- CVE-2015-8929: Memory leak in tar parser (bsc#985669).\n- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).\n- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).\n- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).\n- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).\n- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).\n- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).\n- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).\n- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).\n- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-DESKTOP-12-SP1-2016-1123,SUSE-SLE-SDK-12-SP1-2016-1123,SUSE-SLE-SERVER-12-SP1-2016-1123","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1909-1.json"},{"category":"self","summary":"URL for SUSE-SU-2016:1909-1","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161909-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2016:1909-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2016-July/002169.html"},{"category":"self","summary":"SUSE Bug 984990","url":"https://bugzilla.suse.com/984990"},{"category":"self","summary":"SUSE Bug 985609","url":"https://bugzilla.suse.com/985609"},{"category":"self","summary":"SUSE Bug 985665","url":"https://bugzilla.suse.com/985665"},{"category":"self","summary":"SUSE Bug 985669","url":"https://bugzilla.suse.com/985669"},{"category":"self","summary":"SUSE Bug 985673","url":"https://bugzilla.suse.com/985673"},{"category":"self","summary":"SUSE Bug 985675","url":"https://bugzilla.suse.com/985675"},{"category":"self","summary":"SUSE Bug 985679","url":"https://bugzilla.suse.com/985679"},{"category":"self","summary":"SUSE Bug 985682","url":"https://bugzilla.suse.com/985682"},{"category":"self","summary":"SUSE Bug 985685","url":"https://bugzilla.suse.com/985685"},{"category":"self","summary":"SUSE Bug 985688","url":"https://bugzilla.suse.com/985688"},{"category":"self","summary":"SUSE Bug 985689","url":"https://bugzilla.suse.com/985689"},{"category":"self","summary":"SUSE Bug 985697","url":"https://bugzilla.suse.com/985697"},{"category":"self","summary":"SUSE Bug 985698","url":"https://bugzilla.suse.com/985698"},{"category":"self","summary":"SUSE Bug 985700","url":"https://bugzilla.suse.com/985700"},{"category":"self","summary":"SUSE Bug 985703","url":"https://bugzilla.suse.com/985703"},{"category":"self","summary":"SUSE Bug 985704","url":"https://bugzilla.suse.com/985704"},{"category":"self","summary":"SUSE Bug 985706","url":"https://bugzilla.suse.com/985706"},{"category":"self","summary":"SUSE Bug 985826","url":"https://bugzilla.suse.com/985826"},{"category":"self","summary":"SUSE Bug 985832","url":"https://bugzilla.suse.com/985832"},{"category":"self","summary":"SUSE Bug 985835","url":"https://bugzilla.suse.com/985835"},{"category":"self","summary":"SUSE CVE CVE-2015-8918 page","url":"https://www.suse.com/security/cve/CVE-2015-8918/"},{"category":"self","summary":"SUSE CVE CVE-2015-8919 page","url":"https://www.suse.com/security/cve/CVE-2015-8919/"},{"category":"self","summary":"SUSE CVE CVE-2015-8920 page","url":"https://www.suse.com/security/cve/CVE-2015-8920/"},{"category":"self","summary":"SUSE CVE CVE-2015-8921 page","url":"https://www.suse.com/security/cve/CVE-2015-8921/"},{"category":"self","summary":"SUSE CVE CVE-2015-8922 page","url":"https://www.suse.com/security/cve/CVE-2015-8922/"},{"category":"self","summary":"SUSE CVE CVE-2015-8923 page","url":"https://www.suse.com/security/cve/CVE-2015-8923/"},{"category":"self","summary":"SUSE CVE CVE-2015-8924 page","url":"https://www.suse.com/security/cve/CVE-2015-8924/"},{"category":"self","summary":"SUSE CVE CVE-2015-8925 page","url":"https://www.suse.com/security/cve/CVE-2015-8925/"},{"category":"self","summary":"SUSE CVE CVE-2015-8926 page","url":"https://www.suse.com/security/cve/CVE-2015-8926/"},{"category":"self","summary":"SUSE CVE CVE-2015-8928 page","url":"https://www.suse.com/security/cve/CVE-2015-8928/"},{"category":"self","summary":"SUSE CVE CVE-2015-8929 page","url":"https://www.suse.com/security/cve/CVE-2015-8929/"},{"category":"self","summary":"SUSE CVE CVE-2015-8930 page","url":"https://www.suse.com/security/cve/CVE-2015-8930/"},{"category":"self","summary":"SUSE CVE CVE-2015-8931 page","url":"https://www.suse.com/security/cve/CVE-2015-8931/"},{"category":"self","summary":"SUSE CVE CVE-2015-8932 page","url":"https://www.suse.com/security/cve/CVE-2015-8932/"},{"category":"self","summary":"SUSE CVE CVE-2015-8933 page","url":"https://www.suse.com/security/cve/CVE-2015-8933/"},{"category":"self","summary":"SUSE CVE CVE-2015-8934 page","url":"https://www.suse.com/security/cve/CVE-2015-8934/"},{"category":"self","summary":"SUSE CVE CVE-2016-4300 page","url":"https://www.suse.com/security/cve/CVE-2016-4300/"},{"category":"self","summary":"SUSE CVE CVE-2016-4301 page","url":"https://www.suse.com/security/cve/CVE-2016-4301/"},{"category":"self","summary":"SUSE CVE CVE-2016-4302 page","url":"https://www.suse.com/security/cve/CVE-2016-4302/"},{"category":"self","summary":"SUSE CVE CVE-2016-4809 page","url":"https://www.suse.com/security/cve/CVE-2016-4809/"}],"title":"Security update for libarchive","tracking":{"current_release_date":"2016-07-29T08:20:09Z","generator":{"date":"2016-07-29T08:20:09Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2016:1909-1","initial_release_date":"2016-07-29T08:20:09Z","revision_history":[{"date":"2016-07-29T08:20:09Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"libarchive-devel-3.1.2-22.1.ppc64le","product":{"name":"libarchive-devel-3.1.2-22.1.ppc64le","product_id":"libarchive-devel-3.1.2-22.1.ppc64le"}},{"category":"product_version","name":"libarchive13-3.1.2-22.1.ppc64le","product":{"name":"libarchive13-3.1.2-22.1.ppc64le","product_id":"libarchive13-3.1.2-22.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"libarchive-devel-3.1.2-22.1.s390x","product":{"name":"libarchive-devel-3.1.2-22.1.s390x","product_id":"libarchive-devel-3.1.2-22.1.s390x"}},{"category":"product_version","name":"libarchive13-3.1.2-22.1.s390x","product":{"name":"libarchive13-3.1.2-22.1.s390x","product_id":"libarchive13-3.1.2-22.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"libarchive13-3.1.2-22.1.x86_64","product":{"name":"libarchive13-3.1.2-22.1.x86_64","product_id":"libarchive13-3.1.2-22.1.x86_64"}},{"category":"product_version","name":"libarchive-devel-3.1.2-22.1.x86_64","product":{"name":"libarchive-devel-3.1.2-22.1.x86_64","product_id":"libarchive-devel-3.1.2-22.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP1","product":{"name":"SUSE Linux Enterprise Desktop 12 SP1","product_id":"SUSE Linux Enterprise Desktop 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 12 SP1","product":{"name":"SUSE Linux Enterprise Software Development Kit 12 SP1","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle-sdk:12:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP1","product":{"name":"SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP1","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1","product_id":"SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64"},"product_reference":"libarchive13-3.1.2-22.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive-devel-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le"},"product_reference":"libarchive-devel-3.1.2-22.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive-devel-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x"},"product_reference":"libarchive-devel-3.1.2-22.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive-devel-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"},"product_reference":"libarchive-devel-3.1.2-22.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le"},"product_reference":"libarchive13-3.1.2-22.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x"},"product_reference":"libarchive13-3.1.2-22.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64"},"product_reference":"libarchive13-3.1.2-22.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive13-3.1.2-22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le"},"product_reference":"libarchive13-3.1.2-22.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive13-3.1.2-22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x"},"product_reference":"libarchive13-3.1.2-22.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libarchive13-3.1.2-22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64"},"product_reference":"libarchive13-3.1.2-22.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP1"}]},"vulnerabilities":[{"cve":"CVE-2015-8918","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8918"}],"notes":[{"category":"general","text":"The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8918","url":"https://www.suse.com/security/cve/CVE-2015-8918"},{"category":"external","summary":"SUSE Bug 985698 for CVE-2015-8918","url":"https://bugzilla.suse.com/985698"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8918"},{"cve":"CVE-2015-8919","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8919"}],"notes":[{"category":"general","text":"The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8919","url":"https://www.suse.com/security/cve/CVE-2015-8919"},{"category":"external","summary":"SUSE Bug 985697 for CVE-2015-8919","url":"https://bugzilla.suse.com/985697"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8919"},{"cve":"CVE-2015-8920","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8920"}],"notes":[{"category":"general","text":"The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8920","url":"https://www.suse.com/security/cve/CVE-2015-8920"},{"category":"external","summary":"SUSE Bug 985675 for CVE-2015-8920","url":"https://bugzilla.suse.com/985675"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8920"},{"cve":"CVE-2015-8921","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8921"}],"notes":[{"category":"general","text":"The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8921","url":"https://www.suse.com/security/cve/CVE-2015-8921"},{"category":"external","summary":"SUSE Bug 985682 for CVE-2015-8921","url":"https://bugzilla.suse.com/985682"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8921"},{"cve":"CVE-2015-8922","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8922"}],"notes":[{"category":"general","text":"The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8922","url":"https://www.suse.com/security/cve/CVE-2015-8922"},{"category":"external","summary":"SUSE Bug 985685 for CVE-2015-8922","url":"https://bugzilla.suse.com/985685"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8922"},{"cve":"CVE-2015-8923","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8923"}],"notes":[{"category":"general","text":"The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8923","url":"https://www.suse.com/security/cve/CVE-2015-8923"},{"category":"external","summary":"SUSE Bug 985703 for CVE-2015-8923","url":"https://bugzilla.suse.com/985703"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8923"},{"cve":"CVE-2015-8924","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8924"}],"notes":[{"category":"general","text":"The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8924","url":"https://www.suse.com/security/cve/CVE-2015-8924"},{"category":"external","summary":"SUSE Bug 985609 for CVE-2015-8924","url":"https://bugzilla.suse.com/985609"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8924"},{"cve":"CVE-2015-8925","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8925"}],"notes":[{"category":"general","text":"The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8925","url":"https://www.suse.com/security/cve/CVE-2015-8925"},{"category":"external","summary":"SUSE Bug 985706 for CVE-2015-8925","url":"https://bugzilla.suse.com/985706"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8925"},{"cve":"CVE-2015-8926","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8926"}],"notes":[{"category":"general","text":"The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8926","url":"https://www.suse.com/security/cve/CVE-2015-8926"},{"category":"external","summary":"SUSE Bug 985704 for CVE-2015-8926","url":"https://bugzilla.suse.com/985704"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8926"},{"cve":"CVE-2015-8928","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8928"}],"notes":[{"category":"general","text":"The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8928","url":"https://www.suse.com/security/cve/CVE-2015-8928"},{"category":"external","summary":"SUSE Bug 985679 for CVE-2015-8928","url":"https://bugzilla.suse.com/985679"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8928"},{"cve":"CVE-2015-8929","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8929"}],"notes":[{"category":"general","text":"Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8929","url":"https://www.suse.com/security/cve/CVE-2015-8929"},{"category":"external","summary":"SUSE Bug 985669 for CVE-2015-8929","url":"https://bugzilla.suse.com/985669"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8929"},{"cve":"CVE-2015-8930","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8930"}],"notes":[{"category":"general","text":"bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8930","url":"https://www.suse.com/security/cve/CVE-2015-8930"},{"category":"external","summary":"SUSE Bug 985700 for CVE-2015-8930","url":"https://bugzilla.suse.com/985700"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8930"},{"cve":"CVE-2015-8931","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8931"}],"notes":[{"category":"general","text":"Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8931","url":"https://www.suse.com/security/cve/CVE-2015-8931"},{"category":"external","summary":"SUSE Bug 985689 for CVE-2015-8931","url":"https://bugzilla.suse.com/985689"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8931"},{"cve":"CVE-2015-8932","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8932"}],"notes":[{"category":"general","text":"The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8932","url":"https://www.suse.com/security/cve/CVE-2015-8932"},{"category":"external","summary":"SUSE Bug 985665 for CVE-2015-8932","url":"https://bugzilla.suse.com/985665"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8932"},{"cve":"CVE-2015-8933","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8933"}],"notes":[{"category":"general","text":"Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8933","url":"https://www.suse.com/security/cve/CVE-2015-8933"},{"category":"external","summary":"SUSE Bug 985688 for CVE-2015-8933","url":"https://bugzilla.suse.com/985688"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8933"},{"cve":"CVE-2015-8934","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8934"}],"notes":[{"category":"general","text":"The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8934","url":"https://www.suse.com/security/cve/CVE-2015-8934"},{"category":"external","summary":"SUSE Bug 985673 for CVE-2015-8934","url":"https://bugzilla.suse.com/985673"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2015-8934"},{"cve":"CVE-2016-4300","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-4300"}],"notes":[{"category":"general","text":"Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-4300","url":"https://www.suse.com/security/cve/CVE-2016-4300"},{"category":"external","summary":"SUSE Bug 985832 for CVE-2016-4300","url":"https://bugzilla.suse.com/985832"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2016-4300"},{"cve":"CVE-2016-4301","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-4301"}],"notes":[{"category":"general","text":"Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-4301","url":"https://www.suse.com/security/cve/CVE-2016-4301"},{"category":"external","summary":"SUSE Bug 985826 for CVE-2016-4301","url":"https://bugzilla.suse.com/985826"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2016-4301"},{"cve":"CVE-2016-4302","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-4302"}],"notes":[{"category":"general","text":"Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-4302","url":"https://www.suse.com/security/cve/CVE-2016-4302"},{"category":"external","summary":"SUSE Bug 985835 for CVE-2016-4302","url":"https://bugzilla.suse.com/985835"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"moderate"}],"title":"CVE-2016-4302"},{"cve":"CVE-2016-4809","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-4809"}],"notes":[{"category":"general","text":"The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-4809","url":"https://www.suse.com/security/cve/CVE-2016-4809"},{"category":"external","summary":"SUSE Bug 984990 for CVE-2016-4809","url":"https://bugzilla.suse.com/984990"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.s390x","SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-07-29T08:20:09Z","details":"low"}],"title":"CVE-2016-4809"}]}