Описание
Security update for 7zip
This update for 7zip fixes the following issues:
-
Update to 25.01 (boo#1249130)
- The code for handling symbolic links has been changed to provide greater security when extracting files from archives
- Command line switch -snld20 can be used to bypass default security checks when creating symbolic links.
-
Update to 25.00:
- bzip2 compression speed was increased by 15-40%.
- deflate (zip/gz) compression speed was increased by 1-3%.
- improved support for zip, cpio and fat archives.
- CVE-2025-53816: Fixed input manipulation leading to heap buffer overflow (bsc#1246706)
- CVE-2025-53817: Fixed null pointer dereference leading to denial of service (bsc#1246707)
Список пакетов
openSUSE Leap 16.0
7zip-25.01-160000.1.1
Ссылки
- SUSE Security Ratings
- SUSE Bug 1246706
- SUSE Bug 1246707
- SUSE Bug 1249130
- SUSE CVE CVE-2025-53816 page
- SUSE CVE CVE-2025-53817 page
Описание
7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.
Затронутые продукты
openSUSE Leap 16.0:7zip-25.01-160000.1.1
Ссылки
- CVE-2025-53816
- SUSE Bug 1246706
Описание
7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.
Затронутые продукты
openSUSE Leap 16.0:7zip-25.01-160000.1.1
Ссылки
- CVE-2025-53817
- SUSE Bug 1246707