OESA-2025-1310

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1310
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1310.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-1310
Upstream
Published
2025-03-21T13:18:10Z
Modified
2025-09-03T06:20:51.293848Z
Summary
libarchive security update
Details

libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive.

Security Fix(es):

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (CVE-2025-1632)

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. (CVE-2025-25724)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS / libarchive

Package

Name
libarchive
Purl
pkg:rpm/openEuler/libarchive&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.1-6.oe2403

Ecosystem specific

{
    "src": [
        "libarchive-3.7.1-6.oe2403.src.rpm"
    ],
    "x86_64": [
        "bsdcat-3.7.1-6.oe2403.x86_64.rpm",
        "bsdcpio-3.7.1-6.oe2403.x86_64.rpm",
        "bsdtar-3.7.1-6.oe2403.x86_64.rpm",
        "bsdunzip-3.7.1-6.oe2403.x86_64.rpm",
        "libarchive-3.7.1-6.oe2403.x86_64.rpm",
        "libarchive-debuginfo-3.7.1-6.oe2403.x86_64.rpm",
        "libarchive-debugsource-3.7.1-6.oe2403.x86_64.rpm",
        "libarchive-devel-3.7.1-6.oe2403.x86_64.rpm"
    ],
    "noarch": [
        "libarchive-help-3.7.1-6.oe2403.noarch.rpm"
    ],
    "aarch64": [
        "bsdcat-3.7.1-6.oe2403.aarch64.rpm",
        "bsdcpio-3.7.1-6.oe2403.aarch64.rpm",
        "bsdtar-3.7.1-6.oe2403.aarch64.rpm",
        "bsdunzip-3.7.1-6.oe2403.aarch64.rpm",
        "libarchive-3.7.1-6.oe2403.aarch64.rpm",
        "libarchive-debuginfo-3.7.1-6.oe2403.aarch64.rpm",
        "libarchive-debugsource-3.7.1-6.oe2403.aarch64.rpm",
        "libarchive-devel-3.7.1-6.oe2403.aarch64.rpm"
    ]
}