SUSE-SU-2025:3791-1

Опубликовано: 24 окт. 2025

Источник: suse-cvrf

Описание

Security update for p7zip

This update for p7zip fixes the following issues:

CVE-2022-47069: heap buffer overflow in ZipIn.cpp file (bsc#1209648).
CVE-2025-53817: null pointer dereference may lead to denial of service (bsc#1246707).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6

p7zip-16.02-150200.14.15.1

p7zip-full-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP7

p7zip-16.02-150200.14.15.1

p7zip-full-16.02-150200.14.15.1

openSUSE Leap 15.6

p7zip-16.02-150200.14.15.1

p7zip-doc-16.02-150200.14.15.1

p7zip-full-16.02-150200.14.15.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20253791-1/
Link for SUSE-SU-2025:3791-1
https://lists.suse.com/pipermail/sle-updates/2025-October/042297.html
E-Mail link for SUSE-SU-2025:3791-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209648
SUSE Bug 1209648
https://bugzilla.suse.com/1246707
SUSE Bug 1246707
https://www.suse.com/security/cve/CVE-2022-47069/
SUSE CVE CVE-2022-47069 page
https://www.suse.com/security/cve/CVE-2023-1576/
SUSE CVE CVE-2023-1576 page
https://www.suse.com/security/cve/CVE-2025-53817/
SUSE CVE CVE-2025-53817 page

Описание

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-full-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-full-16.02-150200.14.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-47069.html
CVE-2022-47069
https://bugzilla.suse.com/1209648
SUSE Bug 1209648
https://bugzilla.suse.com/1216265
SUSE Bug 1216265

Описание

This is a duplicate of an earlier CVE, CVE-2022-47069.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-full-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-full-16.02-150200.14.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-1576.html
CVE-2023-1576
https://bugzilla.suse.com/1209648
SUSE Bug 1209648

Описание

7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-full-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-16.02-150200.14.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-full-16.02-150200.14.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-53817.html
CVE-2025-53817
https://bugzilla.suse.com/1246707
SUSE Bug 1246707

SUSE-SU-2025:3791-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Basesystem 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2022-47069

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-1576

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-53817

Описание

Затронутые продукты

Ссылки