Recommended update for libarchive SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2021:2757-1 Final 1 1 2021-08-17T11:47:07Z current 2021-08-17T11:47:07Z 2021-08-17T11:47:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for libarchive This update for libarchive fixes the following issues: libarchive was updated to version 3.3.3 * Avoid super-linear slowdown on malformed mtree files * Many fixes for building with Visual Studio * NO_OVERWRITE doesn't change existing directory attributes * New support for Zstandard read and write filters * Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503 - Needed by of Firefox91 (bsc#1188891) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-2757,SUSE-SLE-Product-HPC-15-2021-2757,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2757,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2757,SUSE-SLE-Product-SLES-15-2021-2757,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2757,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2757,SUSE-SLE-Product-SLES_SAP-15-2021-2757,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2757,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2757,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2757,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2757,SUSE-Storage-6-2021-2757 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement//suse-ru-20212757-1/ Link for SUSE-RU-2021:2757-1 https://lists.suse.com/pipermail/sle-updates/2021-August/019872.html E-Mail link for SUSE-RU-2021:2757-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1188891 SUSE Bug 1188891 https://www.suse.com/security/cve/CVE-2017-14166/ SUSE CVE CVE-2017-14166 page https://www.suse.com/security/cve/CVE-2017-14501/ SUSE CVE CVE-2017-14501 page https://www.suse.com/security/cve/CVE-2017-14502/ SUSE CVE CVE-2017-14502 page https://www.suse.com/security/cve/CVE-2017-14503/ SUSE CVE CVE-2017-14503 page https://www.suse.com/security/cve/CVE-2019-18408/ SUSE CVE CVE-2019-18408 page SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 bsdtar-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-32bit-3.3.3-3.14.1 libarchive13-64bit-3.3.3-3.14.1 bsdtar-3.3.3-3.14.1 as a component of SUSE Enterprise Storage 6 libarchive-devel-3.3.3-3.14.1 as a component of SUSE Enterprise Storage 6 libarchive13-3.3.3-3.14.1 as a component of SUSE Enterprise Storage 6 bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15-LTSS libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15-LTSS libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server 15-LTSS bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 bsdtar-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libarchive-devel-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libarchive13-3.3.3-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 bsdtar-3.3.3-3.14.1 as a component of SUSE Manager Proxy 4.0 libarchive-devel-3.3.3-3.14.1 as a component of SUSE Manager Proxy 4.0 libarchive13-3.3.3-3.14.1 as a component of SUSE Manager Proxy 4.0 bsdtar-3.3.3-3.14.1 as a component of SUSE Manager Retail Branch Server 4.0 libarchive-devel-3.3.3-3.14.1 as a component of SUSE Manager Retail Branch Server 4.0 libarchive13-3.3.3-3.14.1 as a component of SUSE Manager Retail Branch Server 4.0 bsdtar-3.3.3-3.14.1 as a component of SUSE Manager Server 4.0 libarchive-devel-3.3.3-3.14.1 as a component of SUSE Manager Server 4.0 libarchive13-3.3.3-3.14.1 as a component of SUSE Manager Server 4.0 libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. CVE-2017-14166 SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1 SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 6.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20212757-1/ https://www.suse.com/security/cve/CVE-2017-14166.html CVE-2017-14166 https://bugzilla.suse.com/1057514 SUSE Bug 1057514 An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. CVE-2017-14501 SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1 SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20212757-1/ https://www.suse.com/security/cve/CVE-2017-14501.html CVE-2017-14501 https://bugzilla.suse.com/1059139 SUSE Bug 1059139 read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. CVE-2017-14502 SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1 SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20212757-1/ https://www.suse.com/security/cve/CVE-2017-14502.html CVE-2017-14502 https://bugzilla.suse.com/1059134 SUSE Bug 1059134 libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. CVE-2017-14503 SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1 SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20212757-1/ https://www.suse.com/security/cve/CVE-2017-14503.html CVE-2017-14503 https://bugzilla.suse.com/1059100 SUSE Bug 1059100 archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. CVE-2019-18408 SUSE Enterprise Storage 6:bsdtar-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive-devel-3.3.3-3.14.1 SUSE Enterprise Storage 6:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libarchive13-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:bsdtar-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive-devel-3.3.3-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libarchive13-3.3.3-3.14.1 SUSE Manager Proxy 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Proxy 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Retail Branch Server 4.0:libarchive13-3.3.3-3.14.1 SUSE Manager Server 4.0:bsdtar-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive-devel-3.3.3-3.14.1 SUSE Manager Server 4.0:libarchive13-3.3.3-3.14.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20212757-1/ https://www.suse.com/security/cve/CVE-2019-18408.html CVE-2019-18408 https://bugzilla.suse.com/1155079 SUSE Bug 1155079