Updated libarchive packages fix security vulnerabilities
Publication date: 02 Jul 2025Modification date: 02 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5914 , CVE-2025-5915 , CVE-2025-5916 , CVE-2025-5917
Description
Double free at archive_read_format_rar_seek_data() in
archive_read_support_format_rar.c. (CVE-2025-5914)
Heap buffer over read in copy_from_lzss_window() at
archive_read_support_format_rar.c. (CVE-2025-5915)
Integer overflow while reading warc files at
archive_read_support_format_warc.c. (CVE-2025-5916)
Off by one error in build_ustar_entry_name() at
archive_write_set_format_pax.c. (CVE-2025-5917)
References
- https://bugs.mageia.org/show_bug.cgi?id=34402
- https://ubuntu.com/security/notices/USN-7601-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917
SRPMS
9/core
- libarchive-3.6.2-5.5.mga9