{"affected":[{"ecosystem_specific":{"binaries":[{"libarchive13":"3.1.2-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"libarchive","purl":"pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.2-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libarchive-devel":"3.1.2-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"libarchive","purl":"pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.2-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libarchive13":"3.1.2-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"libarchive","purl":"pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.2-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libarchive13":"3.1.2-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"libarchive","purl":"pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.2-22.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"libarchive was updated to fix 20 security issues.\n\nThese security issues were fixed:\n- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).\n- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).\n- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).\n- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).\n- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).\n- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).\n- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).\n- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).\n- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).\n- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).\n- CVE-2015-8929: Memory leak in tar parser (bsc#985669).\n- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).\n- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).\n- CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).\n- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).\n- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).\n- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).\n- CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).\n- CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).\n- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).\n","id":"SUSE-SU-2016:1909-1","modified":"2016-07-29T08:20:09Z","published":"2016-07-29T08:20:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161909-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/984990"},{"type":"REPORT","url":"https://bugzilla.suse.com/985609"},{"type":"REPORT","url":"https://bugzilla.suse.com/985665"},{"type":"REPORT","url":"https://bugzilla.suse.com/985669"},{"type":"REPORT","url":"https://bugzilla.suse.com/985673"},{"type":"REPORT","url":"https://bugzilla.suse.com/985675"},{"type":"REPORT","url":"https://bugzilla.suse.com/985679"},{"type":"REPORT","url":"https://bugzilla.suse.com/985682"},{"type":"REPORT","url":"https://bugzilla.suse.com/985685"},{"type":"REPORT","url":"https://bugzilla.suse.com/985688"},{"type":"REPORT","url":"https://bugzilla.suse.com/985689"},{"type":"REPORT","url":"https://bugzilla.suse.com/985697"},{"type":"REPORT","url":"https://bugzilla.suse.com/985698"},{"type":"REPORT","url":"https://bugzilla.suse.com/985700"},{"type":"REPORT","url":"https://bugzilla.suse.com/985703"},{"type":"REPORT","url":"https://bugzilla.suse.com/985704"},{"type":"REPORT","url":"https://bugzilla.suse.com/985706"},{"type":"REPORT","url":"https://bugzilla.suse.com/985826"},{"type":"REPORT","url":"https://bugzilla.suse.com/985832"},{"type":"REPORT","url":"https://bugzilla.suse.com/985835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8918"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8919"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8920"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8921"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8922"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8923"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8924"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8925"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8926"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8928"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8929"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8930"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8931"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8932"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8934"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4300"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4301"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4302"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4809"}],"related":["CVE-2015-8918","CVE-2015-8919","CVE-2015-8920","CVE-2015-8921","CVE-2015-8922","CVE-2015-8923","CVE-2015-8924","CVE-2015-8925","CVE-2015-8926","CVE-2015-8928","CVE-2015-8929","CVE-2015-8930","CVE-2015-8931","CVE-2015-8932","CVE-2015-8933","CVE-2015-8934","CVE-2016-4300","CVE-2016-4301","CVE-2016-4302","CVE-2016-4809"],"summary":"Security update for libarchive","upstream":["CVE-2015-8918","CVE-2015-8919","CVE-2015-8920","CVE-2015-8921","CVE-2015-8922","CVE-2015-8923","CVE-2015-8924","CVE-2015-8925","CVE-2015-8926","CVE-2015-8928","CVE-2015-8929","CVE-2015-8930","CVE-2015-8931","CVE-2015-8932","CVE-2015-8933","CVE-2015-8934","CVE-2016-4300","CVE-2016-4301","CVE-2016-4302","CVE-2016-4809"]}