Security update for libarchive SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2082-1 Final 1 1 2024-06-19T05:33:57Z current 2024-06-19T05:33:57Z 2024-06-19T05:33:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libarchive This update for libarchive fixes the following issues: - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP3-SAPCAL-Azure-2024-2082,Image SLES15-SP3-SAPCAL-EC2-HVM-2024-2082,Image SLES15-SP3-SAPCAL-GCE-2024-2082,SUSE-2024-2082,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2082,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2082,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2082,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2082,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2082,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2082,SUSE-Storage-7.1-2024-2082 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242082-1/ Link for SUSE-SU-2024:2082-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035638.html E-Mail link for SUSE-SU-2024:2082-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1225971 SUSE Bug 1225971 https://www.suse.com/security/cve/CVE-2024-20696/ SUSE CVE CVE-2024-20696 page Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-EC2-HVM Image SLES15-SP3-SAPCAL-GCE SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 libarchive13-3.4.2-150200.4.18.1 bsdtar-3.4.2-150200.4.18.1 libarchive-devel-3.4.2-150200.4.18.1 libarchive13-32bit-3.4.2-150200.4.18.1 libarchive13-64bit-3.4.2-150200.4.18.1 libarchive13-3.4.2-150200.4.18.1 as a component of Image SLES15-SP3-SAPCAL-Azure libarchive13-3.4.2-150200.4.18.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM libarchive13-3.4.2-150200.4.18.1 as a component of Image SLES15-SP3-SAPCAL-GCE bsdtar-3.4.2-150200.4.18.1 as a component of SUSE Enterprise Storage 7.1 libarchive-devel-3.4.2-150200.4.18.1 as a component of SUSE Enterprise Storage 7.1 libarchive13-3.4.2-150200.4.18.1 as a component of SUSE Enterprise Storage 7.1 bsdtar-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libarchive-devel-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libarchive13-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS bsdtar-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libarchive-devel-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libarchive13-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS bsdtar-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libarchive-devel-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libarchive13-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS bsdtar-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libarchive-devel-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libarchive13-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS bsdtar-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libarchive-devel-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libarchive13-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 bsdtar-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libarchive-devel-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libarchive13-3.4.2-150200.4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 Windows libarchive Remote Code Execution Vulnerability CVE-2024-20696 Image SLES15-SP3-SAPCAL-Azure:libarchive13-3.4.2-150200.4.18.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libarchive13-3.4.2-150200.4.18.1 Image SLES15-SP3-SAPCAL-GCE:libarchive13-3.4.2-150200.4.18.1 SUSE Enterprise Storage 7.1:bsdtar-3.4.2-150200.4.18.1 SUSE Enterprise Storage 7.1:libarchive-devel-3.4.2-150200.4.18.1 SUSE Enterprise Storage 7.1:libarchive13-3.4.2-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bsdtar-3.4.2-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libarchive-devel-3.4.2-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libarchive13-3.4.2-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bsdtar-3.4.2-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libarchive-devel-3.4.2-150200.4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libarchive13-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server 15 SP2-LTSS:bsdtar-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libarchive-devel-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libarchive13-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server 15 SP3-LTSS:bsdtar-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libarchive-devel-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libarchive13-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:bsdtar-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libarchive-devel-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libarchive13-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:bsdtar-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libarchive-devel-3.4.2-150200.4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libarchive13-3.4.2-150200.4.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242082-1/ https://www.suse.com/security/cve/CVE-2024-20696.html CVE-2024-20696 https://bugzilla.suse.com/1225971 SUSE Bug 1225971 https://bugzilla.suse.com/1225972 SUSE Bug 1225972