Описание
Security update for libarchive
This update for libarchive fixes the following issues:
- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)
Список пакетов
Container bci/spack:latest
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Development Tools 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:0985-1
- E-Mail link for SUSE-SU-2025:0985-1
- SUSE Security Ratings
- SUSE Bug 1237606
- SUSE Bug 1238610
- SUSE CVE CVE-2025-1632 page
- SUSE CVE CVE-2025-25724 page
Описание
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Затронутые продукты
Ссылки
- CVE-2025-1632
- SUSE Bug 1237606
Описание
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
Затронутые продукты
Ссылки
- CVE-2025-25724
- SUSE Bug 1238610