{"affected":[{"ecosystem_specific":{"binaries":[{"clamsap":"0.98.9-0.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"clamsap","purl":"pkg:rpm/suse/clamsap&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.98.9-0.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nThis update fixes the following security issues:\n\nCVE-2015-2278: The LZH decompression implementation allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes.\n\nCVE-2015-2282: Stack-based buffer overflow in the LZC decompression implementation allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.\n\n","id":"SUSE-SU-2016:0807-1","modified":"2016-03-17T14:38:46Z","published":"2016-03-17T14:38:46Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160807-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/935939"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2278"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2282"}],"related":["CVE-2015-2278","CVE-2015-2282"],"summary":"Security update for clamsap","upstream":["CVE-2015-2278","CVE-2015-2282"]}