CVE-2016-2037: The cpiosafername_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448).
This non-security issue was fixed:
bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB