{"affected":[{"ecosystem_specific":{"binaries":[{"libarchive-devel":"3.5.1-150400.3.3.1","libarchive13":"3.5.1-150400.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"libarchive","purl":"pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.1-150400.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bsdtar":"3.5.1-150400.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP4","name":"libarchive","purl":"pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.1-150400.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bsdtar":"3.5.1-150400.3.3.1","libarchive-devel":"3.5.1-150400.3.3.1","libarchive13":"3.5.1-150400.3.3.1","libarchive13-32bit":"3.5.1-150400.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"libarchive","purl":"pkg:rpm/opensuse/libarchive&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.1-150400.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libarchive fixes the following issues:\n\n- CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init (bsc#1197634).\n- CVE-2021-36976: Fixed use-after-free in copy_string (called from do_uncompress_block and process_block) (bsc#1188572).\n- CVE-2017-5601: Fixed out-of-bounds memory access preventing denial-of-service (bsc#1197634, bsc#1189528).\n","id":"SUSE-SU-2022:1930-1","modified":"2022-06-02T15:34:49Z","published":"2022-06-02T15:34:49Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20221930-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022528"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188572"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189528"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197634"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5601"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-36976"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-26280"}],"related":["CVE-2017-5601","CVE-2021-36976","CVE-2022-26280"],"summary":"Security update for libarchive","upstream":["CVE-2017-5601","CVE-2021-36976","CVE-2022-26280"]}