Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-5914 (GCVE-0-2025-5914)
Vulnerability from cvelistv5 – Published: 2025-06-09 19:53 – Updated: 2026-06-05 00:13
VLAI
EPSS
Title
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
Summary
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
32 references
Impacted products
55 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 3.8.0
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.7.7-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:3.1.2-14.el7_9.1 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:3.3.3-6.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:3.3.2-8.el8_2.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.3.3-1.el8_4.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.3.3-1.el8_4.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.3.3-6.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:3.3.3-6.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:3.3.3-6.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.3.3-5.el8_8.1 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.3.3-5.el8_8.1 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.5.3-6.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:3.5.3-2.el9_0.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:3.5.3-5.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:3.5.3-4.el9_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
414.92.202510211419-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
415.92.202601271320-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
416.94.202601071926-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
417.94.202510112152-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
418.94.202510230424-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
Unaffected:
4.19.9.6.202510140714-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.20 |
Unaffected:
4.20.9.6.202509251656-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.20::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-19 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 |
Unaffected:
1.11-8 , < *
(rpm)
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 on RHEL 9 |
Unaffected:
1.12-4 , < *
(rpm)
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-11 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-10 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-4 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-9 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-12 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-18 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | RHOSS-1.36-RHEL-8 |
Unaffected:
1.36.0-7 , < *
(rpm)
cpe:/a:redhat:openshift_serverless:1.36::el8 |
|
| Red Hat | cert-manager operator for Red Hat OpenShift 1.16 |
Unaffected:
v1.16.5-1760515757 , < *
(rpm)
cpe:/a:redhat:cert_manager:1.16::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
Unaffected:
1.8.0 , < *
(rpm)
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | OpenShift File Integrity Operator - FIO 1 |
Unaffected:
v1.3 , < *
(rpm)
cpe:/a:redhat:openshift_file_integrity_operator:1::el9 |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
2.2.1-1758555934 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Insights proxy 1.5 |
Unaffected:
1.5.6-1756187445 , < *
(rpm)
cpe:/a:redhat:insights_proxy:1.5::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116455 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116482 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116441 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116449 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116439 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116447 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756128595 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756125872 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.5.1 |
Unaffected:
rhosdt-3.5-1756116445 , < *
(rpm)
cpe:/a:redhat:openshift_distributed_tracing:3.5::el8 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757422110 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421846 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421804 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757422070 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421879 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757422401 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 |
Unaffected:
1.10.2-1757421890 , < *
(rpm)
cpe:/a:redhat:confidential_compute_attestation:1.10::el9 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-05-20 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5914",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:14:35.773233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:30:42.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/libarchive/libarchive/pull/2598"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libarchive/libarchive/",
"defaultStatus": "unaffected",
"packageName": "libarchive",
"versions": [
{
"lessThan": "3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.7-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.2-14.el7_9.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.2-8.el8_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-1.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-1.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-5.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.3-5.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-6.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-6.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-2.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-5.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.3-4.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "414.92.202510211419-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202601271320-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "416.94.202601071926-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "417.94.202510112152-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "418.94.202510230424-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.19.9.6.202510140714-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.20.9.6.202509251656-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-rhel9-operator",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.11 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.11-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"packageName": "web-terminal/web-terminal-tooling-rhel9",
"product": "Red Hat Web Terminal 1.12 on RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-management-console-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-operator-bundle",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-rhel8-operator",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-18",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.36::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
"product": "RHOSS-1.36-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.36.0-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:cert_manager:1.16::el9"
],
"defaultStatus": "affected",
"packageName": "cert-manager/jetstack-cert-manager-rhel9",
"product": "cert-manager operator for Red Hat OpenShift 1.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.16.5-1760515757",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-must-gather-rhel8",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-openscap-rhel8",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-compliance-rhel8-operator",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
],
"defaultStatus": "affected",
"packageName": "compliance/openshift-file-integrity-rhel8-operator",
"product": "OpenShift File Integrity Operator - FIO 1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.2.1-1758555934",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.5.6-1756187445",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-agent-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116455",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-all-in-one-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116482",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-collector-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116441",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116449",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-es-rollover-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116439",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-ingester-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116447",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-operator-bundle",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756128595",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-query-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756125872",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/jaeger-rhel8-operator",
"product": "Red Hat OpenShift distributed tracing 3.5.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "rhosdt-3.5-1756116445",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757422110",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421846",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421804",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757422070",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421879",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757422401",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-rhel9-operator",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.10.2-1757421890",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2025-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T00:13:24.064Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:14130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14130"
},
{
"name": "RHSA-2025:14135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14135"
},
{
"name": "RHSA-2025:14137",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14137"
},
{
"name": "RHSA-2025:14141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14141"
},
{
"name": "RHSA-2025:14142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14142"
},
{
"name": "RHSA-2025:14525",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14525"
},
{
"name": "RHSA-2025:14528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14528"
},
{
"name": "RHSA-2025:14594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14594"
},
{
"name": "RHSA-2025:14644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"name": "RHSA-2025:14808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14808"
},
{
"name": "RHSA-2025:14810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14810"
},
{
"name": "RHSA-2025:14828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14828"
},
{
"name": "RHSA-2025:15024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15024"
},
{
"name": "RHSA-2025:15397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"name": "RHSA-2025:15709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"name": "RHSA-2025:15827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"name": "RHSA-2025:15828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"name": "RHSA-2025:16524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"name": "RHSA-2025:18217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18217"
},
{
"name": "RHSA-2025:18218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18218"
},
{
"name": "RHSA-2025:18219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"name": "RHSA-2025:19041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19041"
},
{
"name": "RHSA-2025:19046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19046"
},
{
"name": "RHSA-2025:21885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"name": "RHSA-2025:21913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"name": "RHSA-2026:0326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"name": "RHSA-2026:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"name": "RHSA-2026:1541",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"name": "RHBZ#2370861",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-06T17:58:25.491Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-05-20T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-5914",
"datePublished": "2025-06-09T19:53:48.923Z",
"dateReserved": "2025-06-09T08:10:18.779Z",
"dateUpdated": "2026-06-05T00:13:24.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-5914",
"date": "2026-06-19",
"epss": "0.00326",
"percentile": "0.24173"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-5914\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-06-09T20:15:26.123\",\"lastModified\":\"2026-02-05T20:15:52.523\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en la librer\u00eda libarchive, espec\u00edficamente en la funci\u00f3n archive_read_format_rar_seek_data(). Esta falla implica un desbordamiento de enteros que puede provocar una condici\u00f3n de doble liberaci\u00f3n. Explotar una vulnerabilidad de doble liberaci\u00f3n puede provocar corrupci\u00f3n de memoria, lo que permite a un atacante ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.8.0\",\"matchCriteriaId\":\"FCC41392-D22A-4BE5-B7E7-DE5D6BA40052\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14130\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14135\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14137\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14141\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14142\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14525\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14528\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14594\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14644\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14808\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14810\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14828\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15024\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15397\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15709\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15827\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15828\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:16524\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18217\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18218\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19041\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19046\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21885\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21913\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:0326\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:0934\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:1541\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-5914\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2370861\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libarchive/libarchive/pull/2598\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/libarchive/libarchive/releases/tag/v3.8.0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/libarchive/libarchive/pull/2598\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5914\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-10T15:14:35.773233Z\"}}}], \"references\": [{\"url\": \"https://github.com/libarchive/libarchive/pull/2598\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-10T14:23:42.747Z\"}}], \"cna\": {\"title\": \"Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.8.0\", \"versionType\": \"semver\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://github.com/libarchive/libarchive/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.7.7-4.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7 Extended Lifecycle Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.1.2-14.el7_9.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::crb\", \"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.2-8.el8_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-1.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-1.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-6.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-5.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.3.3-5.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-6.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-6.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\", \"cpe:/o:redhat:rhel_e4s:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-2.el9_0.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\", \"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-5.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\", \"cpe:/a:redhat:rhel_eus:9.4::crb\", \"cpe:/o:redhat:rhel_eus:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.5.3-4.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"414.92.202510211419-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"415.92.202601271320-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"416.94.202601071926-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"417.94.202510112152-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"418.94.202510230424-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.19.9.6.202510140714-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.20\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.20.9.6.202509251656-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-19\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.11-8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12 on RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.12-4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"web-terminal/web-terminal-tooling-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-data-index-ephemeral-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-data-index-postgresql-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-db-migrator-tool-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-jobs-service-postgresql-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-management-console-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-12\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-18\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-11\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-swf-builder-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_serverless:1.36::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHOSS-1.36-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.36.0-7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-serverless-1/logic-swf-devmode-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager operator for Red Hat OpenShift 1.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v1.16.5-1760515757\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"cert-manager/jetstack-cert-manager-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-must-gather-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-openscap-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.8.0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-compliance-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift File Integrity Operator - FIO 1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v1.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"compliance/openshift-file-integrity-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.2.1-1758555934\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-server-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:insights_proxy:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Insights proxy 1.5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.5.6-1756187445\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"insights-proxy/insights-proxy-container-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116455\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-agent-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116482\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-all-in-one-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116441\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-collector-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116449\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-es-index-cleaner-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116439\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-es-rollover-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116447\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-ingester-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756128595\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756125872\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-query-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.5.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"rhosdt-3.5-1756116445\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/jaeger-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757422110\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421846\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421804\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-monitor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757422070\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-must-gather-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421879\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-podvm-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757422401\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-podvm-payload-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.2-1757421890\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift-sandboxed-containers/osc-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"libarchive\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-06T17:58:25.491Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-05-20T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-05-20T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:14130\", \"name\": \"RHSA-2025:14130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14135\", \"name\": \"RHSA-2025:14135\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14137\", \"name\": \"RHSA-2025:14137\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14141\", \"name\": \"RHSA-2025:14141\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14142\", \"name\": \"RHSA-2025:14142\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14525\", \"name\": \"RHSA-2025:14525\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14528\", \"name\": \"RHSA-2025:14528\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14594\", \"name\": \"RHSA-2025:14594\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14644\", \"name\": \"RHSA-2025:14644\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14808\", \"name\": \"RHSA-2025:14808\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14810\", \"name\": \"RHSA-2025:14810\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:14828\", \"name\": \"RHSA-2025:14828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15024\", \"name\": \"RHSA-2025:15024\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15397\", \"name\": \"RHSA-2025:15397\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15709\", \"name\": \"RHSA-2025:15709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15827\", \"name\": \"RHSA-2025:15827\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15828\", \"name\": \"RHSA-2025:15828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:16524\", \"name\": \"RHSA-2025:16524\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18217\", \"name\": \"RHSA-2025:18217\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18218\", \"name\": \"RHSA-2025:18218\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18219\", \"name\": \"RHSA-2025:18219\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19041\", \"name\": \"RHSA-2025:19041\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19046\", \"name\": \"RHSA-2025:19046\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21885\", \"name\": \"RHSA-2025:21885\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21913\", \"name\": \"RHSA-2025:21913\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:0326\", \"name\": \"RHSA-2026:0326\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:0934\", \"name\": \"RHSA-2026:0934\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:1541\", \"name\": \"RHSA-2026:1541\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-5914\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2370861\", \"name\": \"RHBZ#2370861\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/libarchive/libarchive/pull/2598\"}, {\"url\": \"https://github.com/libarchive/libarchive/releases/tag/v3.8.0\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-05T00:13:24.064Z\"}, \"x_redhatCweChain\": \"CWE-190: Integer Overflow or Wraparound\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5914\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-05T00:13:24.064Z\", \"dateReserved\": \"2025-06-09T08:10:18.779Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-06-09T19:53:48.923Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:1541
Vulnerability from csaf_redhat - Published: 2026-02-05 16:26 - Updated: 2026-06-05 00:28Summary
Red Hat Security Advisory: OpenShift Container Platform 4.15.61 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.15.61 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.15.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.15.61. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2026:1540
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/
Security Fix(es):
* libarchive: Double free at archive_read_format_rar_seek_data() in
archive_read_support_format_rar.c (CVE-2025-5914)
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory
allocations via a small document that is submitted for parsing
(CVE-2025-59375)
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend
(CVE-2025-5987)
* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in
libexslt/dynamic.c (CVE-2025-9714)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.15 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
51 references
Acknowledgments
Ronald Crane
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.15.61 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.15.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.15.61. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2026:1540\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in\narchive_read_support_format_rar.c (CVE-2025-5914)\n* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)\n* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)\n* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory\nallocations via a small document that is submitted for parsing\n(CVE-2025-59375)\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend\n(CVE-2025-5987)\n* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in\nlibexslt/dynamic.c (CVE-2025-9714)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1541",
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1541.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.15.61 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:28:10+00:00",
"generator": {
"date": "2026-06-05T00:28:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:1541",
"initial_release_date": "2026-02-05T16:26:06+00:00",
"revision_history": [
{
"date": "2026-02-05T16:26:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T16:26:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:28:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.15",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15",
"product_id": "9Base-RHOSE-4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-415.92.202601271320-0",
"product": {
"name": "rhcos-aarch64-415.92.202601271320-0",
"product_id": "rhcos-aarch64-415.92.202601271320-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@415.92.202601271320?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-415.92.202601271320-0",
"product": {
"name": "rhcos-ppc64le-415.92.202601271320-0",
"product_id": "rhcos-ppc64le-415.92.202601271320-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@415.92.202601271320?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-415.92.202601271320-0",
"product": {
"name": "rhcos-s390x-415.92.202601271320-0",
"product_id": "rhcos-s390x-415.92.202601271320-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@415.92.202601271320?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-415.92.202601271320-0",
"product": {
"name": "rhcos-x86_64-415.92.202601271320-0",
"product_id": "rhcos-x86_64-415.92.202601271320-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@415.92.202601271320?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15",
"product_id": "9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0"
},
"product_reference": "rhcos-aarch64-415.92.202601271320-0",
"relates_to_product_reference": "9Base-RHOSE-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15",
"product_id": "9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0"
},
"product_reference": "rhcos-ppc64le-415.92.202601271320-0",
"relates_to_product_reference": "9Base-RHOSE-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15",
"product_id": "9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0"
},
"product_reference": "rhcos-s390x-415.92.202601271320-0",
"relates_to_product_reference": "9Base-RHOSE-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15",
"product_id": "9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
},
"product_reference": "rhcos-x86_64-415.92.202601271320-0",
"relates_to_product_reference": "9Base-RHOSE-4.15"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-07-03T21:55:26.394000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security Team has rated this vulnerability as having a Moderate security impact. This is due to the high complexity in exploiting this flaw. For a successful attack to take place an attacker needs to manage to exhaust the heap space to for the OpenSSL library to return the error code which wrongly match the SSH_OK return code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "RHBZ#2376219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5987.txt"
}
],
"release_date": "2025-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend"
},
{
"cve": "CVE-2025-8677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405830"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Resource exhaustion via malformed DNSKEY handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it allows a remote, unauthenticated attacker to cause significant CPU exhaustion on vulnerable BIND resolvers by serving zones containing malformed DNSKEY records. The flaw triggers excessive computational effort during DNSKEY validation, leading to degraded performance and potential denial of service for legitimate clients. However, the issue affects availability only\u2014it does not enable code execution, data exposure, or privilege escalation\u2014so it is not classified as critical. Furthermore, authoritative servers are not impacted, limiting the scope of exposure to recursive resolvers. While the attack is easy to launch and can disrupt DNS operations, its effect ceases once the malicious traffic stops, making prompt patching and recursive access control effective mitigations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "RHBZ#2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Resource exhaustion via malformed DNSKEY handling"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-40780",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405829"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver\u2019s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning due to weak PRNG",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in BIND 9 resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG) used to select the UDP source port and DNS query (transaction) ID. Exploitation requires an attacker to correctly predict both values and race the legitimate authoritative response with a spoofed packet to perform cache poisoning. While the PRNG weakness reduces entropy and makes prediction feasible under certain conditions, this still requires precise timing, on-path or spoofing capabilities, and targeting of recursive resolvers.\n\nThe impact is limited to resolver cache integrity; it does not allow remote code execution, privilege escalation, or direct compromise of the BIND server itself. Authoritative servers are not affected. Additionally, operational mitigations such as DNSSEC validation, access control restricting recursion, and network-level packet filtering reduce real-world exploitability. No active exploits have been observed in the wild.\n\nBecause exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "RHBZ#2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning due to weak PRNG"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T16:26:06+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:d517885ee59d46c2aca8be69fdcf916f78a510ae76a5a9f7875c1c5ab3cfc3c1\n\n (For s390x architecture)\n The image digest is sha256:3a4a7c87e8ca5f4e3803f8f203599b25055276a532df8e0b66ec4ec2ebc51f4c\n\n (For ppc64le architecture)\n The image digest is sha256:f34818181660a9f58a59e06dbe58f24de82dcbb688e5f940a41e62e08f1edf94\n\n (For aarch64 architecture)\n The image digest is sha256:24eeb2ea15ac709ed08df9b6f1a5d1ac334c4f7335c0ae5249e17298ab297517\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.15:rhcos-aarch64-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-ppc64le-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-s390x-415.92.202601271320-0",
"9Base-RHOSE-4.15:rhcos-x86_64-415.92.202601271320-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
SUSE-SU-2025:02522-1
Vulnerability from csaf_suse - Published: 2025-07-25 09:04 - Updated: 2025-07-25 09:04Summary
Security update for libarchive
Severity
Moderate
Notes
Title of the patch: Security update for libarchive
Description of the patch: This update for libarchive fixes the following issues:
- CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
Patchnames: SUSE-2025-2522,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2522
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)\n- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2522,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2522",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02522-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02522-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502522-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02522-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040912.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244270",
"url": "https://bugzilla.suse.com/1244270"
},
{
"category": "self",
"summary": "SUSE Bug 1244272",
"url": "https://bugzilla.suse.com/1244272"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5916/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-07-25T09:04:20Z",
"generator": {
"date": "2025-07-25T09:04:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02522-1",
"initial_release_date": "2025-07-25T09:04:20Z",
"revision_history": [
{
"date": "2025-07-25T09:04:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.aarch64",
"product": {
"name": "bsdtar-3.3.3-32.14.1.aarch64",
"product_id": "bsdtar-3.3.3-32.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.aarch64",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.aarch64",
"product_id": "libarchive-devel-3.3.3-32.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.aarch64",
"product": {
"name": "libarchive13-3.3.3-32.14.1.aarch64",
"product_id": "libarchive13-3.3.3-32.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.3.3-32.14.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.3.3-32.14.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.3.3-32.14.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.i586",
"product": {
"name": "bsdtar-3.3.3-32.14.1.i586",
"product_id": "bsdtar-3.3.3-32.14.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.i586",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.i586",
"product_id": "libarchive-devel-3.3.3-32.14.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.i586",
"product": {
"name": "libarchive13-3.3.3-32.14.1.i586",
"product_id": "libarchive13-3.3.3-32.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.ppc64le",
"product": {
"name": "bsdtar-3.3.3-32.14.1.ppc64le",
"product_id": "bsdtar-3.3.3-32.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.ppc64le",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.ppc64le",
"product_id": "libarchive-devel-3.3.3-32.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.ppc64le",
"product": {
"name": "libarchive13-3.3.3-32.14.1.ppc64le",
"product_id": "libarchive13-3.3.3-32.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.s390",
"product": {
"name": "bsdtar-3.3.3-32.14.1.s390",
"product_id": "bsdtar-3.3.3-32.14.1.s390"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.s390",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.s390",
"product_id": "libarchive-devel-3.3.3-32.14.1.s390"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.s390",
"product": {
"name": "libarchive13-3.3.3-32.14.1.s390",
"product_id": "libarchive13-3.3.3-32.14.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.s390x",
"product": {
"name": "bsdtar-3.3.3-32.14.1.s390x",
"product_id": "bsdtar-3.3.3-32.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.s390x",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.s390x",
"product_id": "libarchive-devel-3.3.3-32.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.s390x",
"product": {
"name": "libarchive13-3.3.3-32.14.1.s390x",
"product_id": "libarchive13-3.3.3-32.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.3.3-32.14.1.s390x",
"product": {
"name": "libarchive13-32bit-3.3.3-32.14.1.s390x",
"product_id": "libarchive13-32bit-3.3.3-32.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.x86_64",
"product": {
"name": "bsdtar-3.3.3-32.14.1.x86_64",
"product_id": "bsdtar-3.3.3-32.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.x86_64",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.x86_64",
"product_id": "libarchive-devel-3.3.3-32.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.x86_64",
"product": {
"name": "libarchive13-3.3.3-32.14.1.x86_64",
"product_id": "libarchive13-3.3.3-32.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.3.3-32.14.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.3.3-32.14.1.x86_64",
"product_id": "libarchive13-32bit-3.3.3-32.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.3.3-32.14.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64"
},
"product_reference": "libarchive-devel-3.3.3-32.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.3.3-32.14.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64"
},
"product_reference": "libarchive13-3.3.3-32.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5914"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5914",
"url": "https://www.suse.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "SUSE Bug 1244272 for CVE-2025-5914",
"url": "https://bugzilla.suse.com/1244272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-25T09:04:20Z",
"details": "important"
}
],
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5916"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5916",
"url": "https://www.suse.com/security/cve/CVE-2025-5916"
},
{
"category": "external",
"summary": "SUSE Bug 1244270 for CVE-2025-5916",
"url": "https://bugzilla.suse.com/1244270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-25T09:04:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-5916"
}
]
}
SUSE-SU-2025:02522-2
Vulnerability from csaf_suse - Published: 2025-09-01 07:03 - Updated: 2025-09-01 07:03Summary
Security update for libarchive
Severity
Moderate
Notes
Title of the patch: Security update for libarchive
Description of the patch: This update for libarchive fixes the following issues:
- CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
Patchnames: SUSE-2025-2522,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2522
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)\n- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2522,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2522",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02522-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02522-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502522-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02522-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041475.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244270",
"url": "https://bugzilla.suse.com/1244270"
},
{
"category": "self",
"summary": "SUSE Bug 1244272",
"url": "https://bugzilla.suse.com/1244272"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5916/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-09-01T07:03:57Z",
"generator": {
"date": "2025-09-01T07:03:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02522-2",
"initial_release_date": "2025-09-01T07:03:57Z",
"revision_history": [
{
"date": "2025-09-01T07:03:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.aarch64",
"product": {
"name": "bsdtar-3.3.3-32.14.1.aarch64",
"product_id": "bsdtar-3.3.3-32.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.aarch64",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.aarch64",
"product_id": "libarchive-devel-3.3.3-32.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.aarch64",
"product": {
"name": "libarchive13-3.3.3-32.14.1.aarch64",
"product_id": "libarchive13-3.3.3-32.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.3.3-32.14.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.3.3-32.14.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.3.3-32.14.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.i586",
"product": {
"name": "bsdtar-3.3.3-32.14.1.i586",
"product_id": "bsdtar-3.3.3-32.14.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.i586",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.i586",
"product_id": "libarchive-devel-3.3.3-32.14.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.i586",
"product": {
"name": "libarchive13-3.3.3-32.14.1.i586",
"product_id": "libarchive13-3.3.3-32.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.ppc64le",
"product": {
"name": "bsdtar-3.3.3-32.14.1.ppc64le",
"product_id": "bsdtar-3.3.3-32.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.ppc64le",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.ppc64le",
"product_id": "libarchive-devel-3.3.3-32.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.ppc64le",
"product": {
"name": "libarchive13-3.3.3-32.14.1.ppc64le",
"product_id": "libarchive13-3.3.3-32.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.s390",
"product": {
"name": "bsdtar-3.3.3-32.14.1.s390",
"product_id": "bsdtar-3.3.3-32.14.1.s390"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.s390",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.s390",
"product_id": "libarchive-devel-3.3.3-32.14.1.s390"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.s390",
"product": {
"name": "libarchive13-3.3.3-32.14.1.s390",
"product_id": "libarchive13-3.3.3-32.14.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.s390x",
"product": {
"name": "bsdtar-3.3.3-32.14.1.s390x",
"product_id": "bsdtar-3.3.3-32.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.s390x",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.s390x",
"product_id": "libarchive-devel-3.3.3-32.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.s390x",
"product": {
"name": "libarchive13-3.3.3-32.14.1.s390x",
"product_id": "libarchive13-3.3.3-32.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.3.3-32.14.1.s390x",
"product": {
"name": "libarchive13-32bit-3.3.3-32.14.1.s390x",
"product_id": "libarchive13-32bit-3.3.3-32.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.3.3-32.14.1.x86_64",
"product": {
"name": "bsdtar-3.3.3-32.14.1.x86_64",
"product_id": "bsdtar-3.3.3-32.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.3.3-32.14.1.x86_64",
"product": {
"name": "libarchive-devel-3.3.3-32.14.1.x86_64",
"product_id": "libarchive-devel-3.3.3-32.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.3.3-32.14.1.x86_64",
"product": {
"name": "libarchive13-3.3.3-32.14.1.x86_64",
"product_id": "libarchive13-3.3.3-32.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.3.3-32.14.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.3.3-32.14.1.x86_64",
"product_id": "libarchive13-32bit-3.3.3-32.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.3.3-32.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64"
},
"product_reference": "libarchive-devel-3.3.3-32.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.3.3-32.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le"
},
"product_reference": "libarchive-devel-3.3.3-32.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.3.3-32.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x"
},
"product_reference": "libarchive-devel-3.3.3-32.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.3.3-32.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64"
},
"product_reference": "libarchive-devel-3.3.3-32.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.3.3-32.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64"
},
"product_reference": "libarchive13-3.3.3-32.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.3.3-32.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le"
},
"product_reference": "libarchive13-3.3.3-32.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.3.3-32.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x"
},
"product_reference": "libarchive13-3.3.3-32.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.3.3-32.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64"
},
"product_reference": "libarchive13-3.3.3-32.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5914"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5914",
"url": "https://www.suse.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "SUSE Bug 1244272 for CVE-2025-5914",
"url": "https://bugzilla.suse.com/1244272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T07:03:57Z",
"details": "important"
}
],
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5916"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5916",
"url": "https://www.suse.com/security/cve/CVE-2025-5916"
},
{
"category": "external",
"summary": "SUSE Bug 1244270 for CVE-2025-5916",
"url": "https://bugzilla.suse.com/1244270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive-devel-3.3.3-32.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libarchive13-3.3.3-32.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T07:03:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-5916"
}
]
}
SUSE-SU-2025:02566-1
Vulnerability from csaf_suse - Published: 2025-07-31 07:18 - Updated: 2025-07-31 07:18Summary
Security update for libarchive
Severity
Moderate
Notes
Title of the patch: Security update for libarchive
Description of the patch: This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)
Patchnames: SUSE-2025-2566,SUSE-SLE-Module-Basesystem-15-SP6-2025-2566,SUSE-SLE-Module-Basesystem-15-SP7-2025-2566,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2566,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2566,openSUSE-SLE-15.6-2025-2566
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)\n- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)\n- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)\n- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)\n- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2566,SUSE-SLE-Module-Basesystem-15-SP6-2025-2566,SUSE-SLE-Module-Basesystem-15-SP7-2025-2566,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2566,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2566,openSUSE-SLE-15.6-2025-2566",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02566-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02566-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502566-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02566-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040969.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244270",
"url": "https://bugzilla.suse.com/1244270"
},
{
"category": "self",
"summary": "SUSE Bug 1244272",
"url": "https://bugzilla.suse.com/1244272"
},
{
"category": "self",
"summary": "SUSE Bug 1244273",
"url": "https://bugzilla.suse.com/1244273"
},
{
"category": "self",
"summary": "SUSE Bug 1244279",
"url": "https://bugzilla.suse.com/1244279"
},
{
"category": "self",
"summary": "SUSE Bug 1244336",
"url": "https://bugzilla.suse.com/1244336"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5918/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-07-31T07:18:45Z",
"generator": {
"date": "2025-07-31T07:18:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02566-1",
"initial_release_date": "2025-07-31T07:18:45Z",
"revision_history": [
{
"date": "2025-07-31T07:18:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.17.1.aarch64",
"product": {
"name": "bsdtar-3.7.2-150600.3.17.1.aarch64",
"product_id": "bsdtar-3.7.2-150600.3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"product_id": "libarchive-devel-3.7.2-150600.3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.17.1.aarch64",
"product": {
"name": "libarchive13-3.7.2-150600.3.17.1.aarch64",
"product_id": "libarchive13-3.7.2-150600.3.17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.7.2-150600.3.17.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.7.2-150600.3.17.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.7.2-150600.3.17.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.17.1.i586",
"product": {
"name": "bsdtar-3.7.2-150600.3.17.1.i586",
"product_id": "bsdtar-3.7.2-150600.3.17.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.17.1.i586",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.i586",
"product_id": "libarchive-devel-3.7.2-150600.3.17.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.17.1.i586",
"product": {
"name": "libarchive13-3.7.2-150600.3.17.1.i586",
"product_id": "libarchive13-3.7.2-150600.3.17.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.17.1.ppc64le",
"product": {
"name": "bsdtar-3.7.2-150600.3.17.1.ppc64le",
"product_id": "bsdtar-3.7.2-150600.3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"product_id": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.17.1.ppc64le",
"product": {
"name": "libarchive13-3.7.2-150600.3.17.1.ppc64le",
"product_id": "libarchive13-3.7.2-150600.3.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.17.1.s390x",
"product": {
"name": "bsdtar-3.7.2-150600.3.17.1.s390x",
"product_id": "bsdtar-3.7.2-150600.3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.17.1.s390x",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.s390x",
"product_id": "libarchive-devel-3.7.2-150600.3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.17.1.s390x",
"product": {
"name": "libarchive13-3.7.2-150600.3.17.1.s390x",
"product_id": "libarchive13-3.7.2-150600.3.17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.17.1.x86_64",
"product": {
"name": "bsdtar-3.7.2-150600.3.17.1.x86_64",
"product_id": "bsdtar-3.7.2-150600.3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"product_id": "libarchive-devel-3.7.2-150600.3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.17.1.x86_64",
"product": {
"name": "libarchive13-3.7.2-150600.3.17.1.x86_64",
"product_id": "libarchive13-3.7.2-150600.3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.2-150600.3.17.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.7.2-150600.3.17.1.x86_64",
"product_id": "libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.17.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "bsdtar-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.17.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.17.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "libarchive13-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.2-150600.3.17.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
},
"product_reference": "libarchive13-32bit-3.7.2-150600.3.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5914"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5914",
"url": "https://www.suse.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "SUSE Bug 1244272 for CVE-2025-5914",
"url": "https://bugzilla.suse.com/1244272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-31T07:18:45Z",
"details": "important"
}
],
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5915"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5915",
"url": "https://www.suse.com/security/cve/CVE-2025-5915"
},
{
"category": "external",
"summary": "SUSE Bug 1244273 for CVE-2025-5915",
"url": "https://bugzilla.suse.com/1244273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-31T07:18:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-5915"
},
{
"cve": "CVE-2025-5916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5916"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5916",
"url": "https://www.suse.com/security/cve/CVE-2025-5916"
},
{
"category": "external",
"summary": "SUSE Bug 1244270 for CVE-2025-5916",
"url": "https://bugzilla.suse.com/1244270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-31T07:18:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-5916"
},
{
"cve": "CVE-2025-5917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5917"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an \u0027off-by-one\u0027 miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5917",
"url": "https://www.suse.com/security/cve/CVE-2025-5917"
},
{
"category": "external",
"summary": "SUSE Bug 1244332 for CVE-2025-5917",
"url": "https://bugzilla.suse.com/1244332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-31T07:18:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-5917"
},
{
"cve": "CVE-2025-5918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5918"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5918",
"url": "https://www.suse.com/security/cve/CVE-2025-5918"
},
{
"category": "external",
"summary": "SUSE Bug 1244279 for CVE-2025-5918",
"url": "https://bugzilla.suse.com/1244279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libarchive13-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.17.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-31T07:18:45Z",
"details": "low"
}
],
"title": "CVE-2025-5918"
}
]
}
SUSE-SU-2025:02718-1
Vulnerability from csaf_suse - Published: 2025-08-06 13:55 - Updated: 2025-08-06 13:55Summary
Security update for libarchive
Severity
Moderate
Notes
Title of the patch: Security update for libarchive
Description of the patch: This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)
Patchnames: SUSE-2025-2718,SUSE-SLE-Micro-5.3-2025-2718,SUSE-SLE-Micro-5.4-2025-2718,SUSE-SLE-Micro-5.5-2025-2718
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)\n- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)\n- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)\n- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)\n- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2718,SUSE-SLE-Micro-5.3-2025-2718,SUSE-SLE-Micro-5.4-2025-2718,SUSE-SLE-Micro-5.5-2025-2718",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02718-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02718-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502718-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02718-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041132.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244270",
"url": "https://bugzilla.suse.com/1244270"
},
{
"category": "self",
"summary": "SUSE Bug 1244272",
"url": "https://bugzilla.suse.com/1244272"
},
{
"category": "self",
"summary": "SUSE Bug 1244273",
"url": "https://bugzilla.suse.com/1244273"
},
{
"category": "self",
"summary": "SUSE Bug 1244279",
"url": "https://bugzilla.suse.com/1244279"
},
{
"category": "self",
"summary": "SUSE Bug 1244336",
"url": "https://bugzilla.suse.com/1244336"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5918/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-08-06T13:55:09Z",
"generator": {
"date": "2025-08-06T13:55:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02718-1",
"initial_release_date": "2025-08-06T13:55:09Z",
"revision_history": [
{
"date": "2025-08-06T13:55:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"product_id": "bsdtar-3.5.1-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"product_id": "libarchive13-3.5.1-150400.3.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.5.1-150400.3.21.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.5.1-150400.3.21.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.5.1-150400.3.21.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.i586",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.i586",
"product_id": "bsdtar-3.5.1-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.i586",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.i586",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.i586",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.i586",
"product_id": "libarchive13-3.5.1-150400.3.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"product_id": "bsdtar-3.5.1-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"product_id": "libarchive13-3.5.1-150400.3.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.s390x",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.s390x",
"product_id": "bsdtar-3.5.1-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.s390x",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.s390x",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.s390x",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x",
"product_id": "libarchive13-3.5.1-150400.3.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"product_id": "bsdtar-3.5.1-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"product_id": "libarchive13-3.5.1-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.5.1-150400.3.21.1.x86_64",
"product_id": "libarchive13-32bit-3.5.1-150400.3.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5914"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5914",
"url": "https://www.suse.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "SUSE Bug 1244272 for CVE-2025-5914",
"url": "https://bugzilla.suse.com/1244272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-06T13:55:09Z",
"details": "important"
}
],
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5915"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5915",
"url": "https://www.suse.com/security/cve/CVE-2025-5915"
},
{
"category": "external",
"summary": "SUSE Bug 1244273 for CVE-2025-5915",
"url": "https://bugzilla.suse.com/1244273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-06T13:55:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-5915"
},
{
"cve": "CVE-2025-5916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5916"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5916",
"url": "https://www.suse.com/security/cve/CVE-2025-5916"
},
{
"category": "external",
"summary": "SUSE Bug 1244270 for CVE-2025-5916",
"url": "https://bugzilla.suse.com/1244270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-06T13:55:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-5916"
},
{
"cve": "CVE-2025-5917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5917"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an \u0027off-by-one\u0027 miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5917",
"url": "https://www.suse.com/security/cve/CVE-2025-5917"
},
{
"category": "external",
"summary": "SUSE Bug 1244332 for CVE-2025-5917",
"url": "https://bugzilla.suse.com/1244332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-06T13:55:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-5917"
},
{
"cve": "CVE-2025-5918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5918"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5918",
"url": "https://www.suse.com/security/cve/CVE-2025-5918"
},
{
"category": "external",
"summary": "SUSE Bug 1244279 for CVE-2025-5918",
"url": "https://bugzilla.suse.com/1244279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-06T13:55:09Z",
"details": "low"
}
],
"title": "CVE-2025-5918"
}
]
}
SUSE-SU-2025:02718-2
Vulnerability from csaf_suse - Published: 2025-08-20 09:46 - Updated: 2025-08-20 09:46Summary
Security update for libarchive
Severity
Moderate
Notes
Title of the patch: Security update for libarchive
Description of the patch: This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)
Patchnames: SUSE-2025-2718,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2718,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2718,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2718,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2718,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2718,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2718,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2718,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2718,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-2718,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-2718
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)\n- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)\n- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)\n- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)\n- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2718,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2718,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2718,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2718,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2718,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2718,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2718,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2718,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2718,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-2718,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-2718",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02718-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02718-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502718-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02718-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041311.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244270",
"url": "https://bugzilla.suse.com/1244270"
},
{
"category": "self",
"summary": "SUSE Bug 1244272",
"url": "https://bugzilla.suse.com/1244272"
},
{
"category": "self",
"summary": "SUSE Bug 1244273",
"url": "https://bugzilla.suse.com/1244273"
},
{
"category": "self",
"summary": "SUSE Bug 1244279",
"url": "https://bugzilla.suse.com/1244279"
},
{
"category": "self",
"summary": "SUSE Bug 1244336",
"url": "https://bugzilla.suse.com/1244336"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5918/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-08-20T09:46:47Z",
"generator": {
"date": "2025-08-20T09:46:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02718-2",
"initial_release_date": "2025-08-20T09:46:47Z",
"revision_history": [
{
"date": "2025-08-20T09:46:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"product_id": "bsdtar-3.5.1-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"product_id": "libarchive13-3.5.1-150400.3.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.5.1-150400.3.21.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.5.1-150400.3.21.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.5.1-150400.3.21.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.i586",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.i586",
"product_id": "bsdtar-3.5.1-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.i586",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.i586",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.i586",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.i586",
"product_id": "libarchive13-3.5.1-150400.3.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"product_id": "bsdtar-3.5.1-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"product_id": "libarchive13-3.5.1-150400.3.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.s390x",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.s390x",
"product_id": "bsdtar-3.5.1-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.s390x",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.s390x",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.s390x",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x",
"product_id": "libarchive13-3.5.1-150400.3.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"product_id": "bsdtar-3.5.1-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"product_id": "libarchive-devel-3.5.1-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"product_id": "libarchive13-3.5.1-150400.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-150400.3.21.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.5.1-150400.3.21.1.x86_64",
"product_id": "libarchive13-32bit-3.5.1-150400.3.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy LTS 4.3",
"product": {
"name": "SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy-lts:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server LTS 4.3",
"product": {
"name": "SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server-lts:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "bsdtar-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.s390x as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-150400.3.21.1.x86_64 as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.ppc64le as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.s390x as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.21.1.x86_64 as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5914"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5914",
"url": "https://www.suse.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "SUSE Bug 1244272 for CVE-2025-5914",
"url": "https://bugzilla.suse.com/1244272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T09:46:47Z",
"details": "important"
}
],
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5915"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5915",
"url": "https://www.suse.com/security/cve/CVE-2025-5915"
},
{
"category": "external",
"summary": "SUSE Bug 1244273 for CVE-2025-5915",
"url": "https://bugzilla.suse.com/1244273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T09:46:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-5915"
},
{
"cve": "CVE-2025-5916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5916"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5916",
"url": "https://www.suse.com/security/cve/CVE-2025-5916"
},
{
"category": "external",
"summary": "SUSE Bug 1244270 for CVE-2025-5916",
"url": "https://bugzilla.suse.com/1244270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T09:46:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-5916"
},
{
"cve": "CVE-2025-5917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5917"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an \u0027off-by-one\u0027 miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5917",
"url": "https://www.suse.com/security/cve/CVE-2025-5917"
},
{
"category": "external",
"summary": "SUSE Bug 1244332 for CVE-2025-5917",
"url": "https://bugzilla.suse.com/1244332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T09:46:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-5917"
},
{
"cve": "CVE-2025-5918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5918"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5918",
"url": "https://www.suse.com/security/cve/CVE-2025-5918"
},
{
"category": "external",
"summary": "SUSE Bug 1244279 for CVE-2025-5918",
"url": "https://bugzilla.suse.com/1244279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:bsdtar-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive-devel-3.5.1-150400.3.21.1.x86_64",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.ppc64le",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.s390x",
"SUSE Manager Server LTS 4.3:libarchive13-3.5.1-150400.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T09:46:47Z",
"details": "low"
}
],
"title": "CVE-2025-5918"
}
]
}
SUSE-SU-2025:20560-1
Vulnerability from csaf_suse - Published: 2025-08-20 11:38 - Updated: 2025-08-20 11:38Summary
Security update for libarchive
Severity
Moderate
Notes
Title of the patch: Security update for libarchive
Description of the patch: This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in
the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window()
at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at
archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name()
at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed past EOF read triggered for piped file
streams (bsc#1244279)
Patchnames: SUSE-SLE-Micro-6.0-427
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-5914: Fixed double free due to an integer overflow in \n the archive_read_format_rar_seek_data() function (bsc#1244272)\n- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() \n at archive_read_support_format_rar.c (bsc#1244273)\n- CVE-2025-5916: Fixed integer overflow while reading warc files at \n archive_read_support_format_warc.c (bsc#1244270)\n- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() \n at archive_write_set_format_pax.c (bsc#1244336)\n- CVE-2025-5918: Fixed past EOF read triggered for piped file \n streams (bsc#1244279)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-427",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20560-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20560-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520560-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20560-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022320.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244270",
"url": "https://bugzilla.suse.com/1244270"
},
{
"category": "self",
"summary": "SUSE Bug 1244272",
"url": "https://bugzilla.suse.com/1244272"
},
{
"category": "self",
"summary": "SUSE Bug 1244273",
"url": "https://bugzilla.suse.com/1244273"
},
{
"category": "self",
"summary": "SUSE Bug 1244279",
"url": "https://bugzilla.suse.com/1244279"
},
{
"category": "self",
"summary": "SUSE Bug 1244336",
"url": "https://bugzilla.suse.com/1244336"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5918/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-08-20T11:38:12Z",
"generator": {
"date": "2025-08-20T11:38:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20560-1",
"initial_release_date": "2025-08-20T11:38:12Z",
"revision_history": [
{
"date": "2025-08-20T11:38:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.6.2-5.1.aarch64",
"product": {
"name": "libarchive13-3.6.2-5.1.aarch64",
"product_id": "libarchive13-3.6.2-5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.6.2-5.1.s390x",
"product": {
"name": "libarchive13-3.6.2-5.1.s390x",
"product_id": "libarchive13-3.6.2-5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.6.2-5.1.x86_64",
"product": {
"name": "libarchive13-3.6.2-5.1.x86_64",
"product_id": "libarchive13-3.6.2-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.6.2-5.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64"
},
"product_reference": "libarchive13-3.6.2-5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.6.2-5.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x"
},
"product_reference": "libarchive13-3.6.2-5.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.6.2-5.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
},
"product_reference": "libarchive13-3.6.2-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5914"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5914",
"url": "https://www.suse.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "SUSE Bug 1244272 for CVE-2025-5914",
"url": "https://bugzilla.suse.com/1244272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T11:38:12Z",
"details": "important"
}
],
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5915"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5915",
"url": "https://www.suse.com/security/cve/CVE-2025-5915"
},
{
"category": "external",
"summary": "SUSE Bug 1244273 for CVE-2025-5915",
"url": "https://bugzilla.suse.com/1244273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T11:38:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-5915"
},
{
"cve": "CVE-2025-5916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5916"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5916",
"url": "https://www.suse.com/security/cve/CVE-2025-5916"
},
{
"category": "external",
"summary": "SUSE Bug 1244270 for CVE-2025-5916",
"url": "https://bugzilla.suse.com/1244270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T11:38:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-5916"
},
{
"cve": "CVE-2025-5917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5917"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an \u0027off-by-one\u0027 miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5917",
"url": "https://www.suse.com/security/cve/CVE-2025-5917"
},
{
"category": "external",
"summary": "SUSE Bug 1244332 for CVE-2025-5917",
"url": "https://bugzilla.suse.com/1244332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T11:38:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-5917"
},
{
"cve": "CVE-2025-5918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5918"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5918",
"url": "https://www.suse.com/security/cve/CVE-2025-5918"
},
{
"category": "external",
"summary": "SUSE Bug 1244279 for CVE-2025-5918",
"url": "https://bugzilla.suse.com/1244279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.aarch64",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.s390x",
"SUSE Linux Micro 6.0:libarchive13-3.6.2-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-20T11:38:12Z",
"details": "low"
}
],
"title": "CVE-2025-5918"
}
]
}
SUSE-SU-2025:20594-1
Vulnerability from csaf_suse - Published: 2025-08-14 10:12 - Updated: 2025-08-14 10:12Summary
Security update for libarchive
Severity
Moderate
Notes
Title of the patch: Security update for libarchive
Description of the patch: This update for libarchive fixes the following issues:
- CVE-2025-5918: reading past EOF may be triggered for piped file streams (bsc#1244279)
- CVE-2025-5917: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5916: integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5915: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5914: double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
Patchnames: SUSE-SLE-Micro-6.1-214
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-5918: reading past EOF may be triggered for piped file streams (bsc#1244279)\n- CVE-2025-5917: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)\n- CVE-2025-5916: integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)\n- CVE-2025-5915: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)\n- CVE-2025-5914: double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-214",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20594-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20594-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520594-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20594-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022368.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244270",
"url": "https://bugzilla.suse.com/1244270"
},
{
"category": "self",
"summary": "SUSE Bug 1244272",
"url": "https://bugzilla.suse.com/1244272"
},
{
"category": "self",
"summary": "SUSE Bug 1244273",
"url": "https://bugzilla.suse.com/1244273"
},
{
"category": "self",
"summary": "SUSE Bug 1244279",
"url": "https://bugzilla.suse.com/1244279"
},
{
"category": "self",
"summary": "SUSE Bug 1244336",
"url": "https://bugzilla.suse.com/1244336"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5918/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-08-14T10:12:37Z",
"generator": {
"date": "2025-08-14T10:12:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20594-1",
"initial_release_date": "2025-08-14T10:12:37Z",
"revision_history": [
{
"date": "2025-08-14T10:12:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"product": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"product_id": "libarchive13-3.7.4-slfo.1.1_3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"product": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"product_id": "libarchive13-3.7.4-slfo.1.1_3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"product": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"product_id": "libarchive13-3.7.4-slfo.1.1_3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.7.4-slfo.1.1_3.1.x86_64",
"product": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.x86_64",
"product_id": "libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64"
},
"product_reference": "libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le"
},
"product_reference": "libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x"
},
"product_reference": "libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.4-slfo.1.1_3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
},
"product_reference": "libarchive13-3.7.4-slfo.1.1_3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5914"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5914",
"url": "https://www.suse.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "SUSE Bug 1244272 for CVE-2025-5914",
"url": "https://bugzilla.suse.com/1244272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:12:37Z",
"details": "important"
}
],
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5915"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5915",
"url": "https://www.suse.com/security/cve/CVE-2025-5915"
},
{
"category": "external",
"summary": "SUSE Bug 1244273 for CVE-2025-5915",
"url": "https://bugzilla.suse.com/1244273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:12:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-5915"
},
{
"cve": "CVE-2025-5916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5916"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5916",
"url": "https://www.suse.com/security/cve/CVE-2025-5916"
},
{
"category": "external",
"summary": "SUSE Bug 1244270 for CVE-2025-5916",
"url": "https://bugzilla.suse.com/1244270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:12:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-5916"
},
{
"cve": "CVE-2025-5917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5917"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw involves an \u0027off-by-one\u0027 miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5917",
"url": "https://www.suse.com/security/cve/CVE-2025-5917"
},
{
"category": "external",
"summary": "SUSE Bug 1244332 for CVE-2025-5917",
"url": "https://bugzilla.suse.com/1244332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:12:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-5917"
},
{
"cve": "CVE-2025-5918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5918"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5918",
"url": "https://www.suse.com/security/cve/CVE-2025-5918"
},
{
"category": "external",
"summary": "SUSE Bug 1244279 for CVE-2025-5918",
"url": "https://bugzilla.suse.com/1244279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.ppc64le",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:12:37Z",
"details": "low"
}
],
"title": "CVE-2025-5918"
}
]
}
WID-SEC-W-2025-1748
Vulnerability from csaf_certbund - Published: 2025-08-07 22:00 - Updated: 2026-05-18 22:00Summary
libarchive: Schwachstelle ermöglicht Denial of Service und potenziell Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: libarchive ist eine C Bibliothek und ein Kommandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.
FreeBSD ist ein Open Source Betriebssystem aus der BSD Familie und gehört damit zu den Unix Derivaten.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libarchive und FreeBSD Project FreeBSD OS ausnutzen, um beliebigen Programmcode auszuführen, und potenziell um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.27
Red Hat / OpenShift
|
Container Platform <4.18.27 | ||
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS <13.5-STABLE
FreeBSD Project / FreeBSD OS
|
<13.5-STABLE | ||
|
Open Source libarchive <3.8.0
Open Source / libarchive
|
<3.8.0 | ||
|
Securepoint UTM <14.0.8.2
Securepoint / UTM
|
<14.0.8.2 | ||
|
IBM App Connect Enterprise <12.16.0
IBM / App Connect Enterprise
|
<12.16.0 | ||
|
IBM App Connect Enterprise <12.0.16
IBM / App Connect Enterprise
|
<12.0.16 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
FreeBSD Project FreeBSD OS <14.3-STABLE
FreeBSD Project / FreeBSD OS
|
<14.3-STABLE | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM MQ Container
IBM / MQ
|
cpe:/a:ibm:mq:container
|
Container | |
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
References
50 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libarchive ist eine C Bibliothek und ein Kommandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.\r\nFreeBSD ist ein Open Source Betriebssystem aus der BSD Familie und geh\u00f6rt damit zu den Unix Derivaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libarchive und FreeBSD Project FreeBSD OS ausnutzen, um beliebigen Programmcode auszuf\u00fchren, und potenziell um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1748 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1748.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1748 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1748"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory vom 2025-08-07",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-25:07.libarchive.asc"
},
{
"category": "external",
"summary": "NIST CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2025-34 vom 2025-08-14",
"url": "https://kb.igel.com/en/security-safety/current/isn-2025-34-libarchive-vulnerability"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-47E73AAAEA vom 2025-08-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-47e73aaaea"
},
{
"category": "external",
"summary": "Securepoint UTM Changelog - Build 14.0.8.2 vom 2025-08-18",
"url": "https://wiki.securepoint.de/UTM/Changelog"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14130 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14130"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14135 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14135"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14137 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14137"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14141 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14141"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14142 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14142"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14137 vom 2025-08-20",
"url": "https://linux.oracle.com/errata/ELSA-2025-14137.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14130 vom 2025-08-20",
"url": "https://linux.oracle.com/errata/ELSA-2025-14130.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14135 vom 2025-08-20",
"url": "https://linux.oracle.com/errata/ELSA-2025-14135.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02718-2 vom 2025-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022239.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14525 vom 2025-08-25",
"url": "https://access.redhat.com/errata/RHSA-2025:14525"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14528 vom 2025-08-25",
"url": "https://access.redhat.com/errata/RHSA-2025:14528"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14594 vom 2025-08-26",
"url": "https://access.redhat.com/errata/RHSA-2025:14594"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14808 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14808"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14810 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14810"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14828 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14828"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20560-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022320.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20594-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022368.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02522-2 vom 2025-09-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022372.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory",
"url": "https://access.redhat.com/errata/RHSA-2025:15024"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14919 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:14919"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15358 vom 2025-09-04",
"url": "https://access.redhat.com/errata/RHSA-2025:15358"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7244160 vom 2025-09-05",
"url": "https://www.ibm.com/support/pages/node/7244160"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14828 vom 2025-09-15",
"url": "https://linux.oracle.com/errata/ELSA-2025-14828.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15827 vom 2025-09-15",
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15828 vom 2025-09-15",
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16524 vom 2025-09-23",
"url": "https://access.redhat.com/errata/RHSA-2025:16524"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7246875 vom 2025-10-01",
"url": "https://www.ibm.com/support/pages/node/7246875"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18219 vom 2025-10-16",
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15397 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:15397"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18218 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18218"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18217 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18217"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19046 vom 2025-10-29",
"url": "https://access.redhat.com/errata/RHSA-2025:19046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19041 vom 2025-10-30",
"url": "https://access.redhat.com/errata/RHSA-2025:19041"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-404 vom 2025-10-31",
"url": "https://www.dell.com/support/kbdoc/000385435"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4368 vom 2025-11-11",
"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00011.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21885 vom 2025-11-20",
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21913 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0326 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0934 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1541 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:1541"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2026-3129 vom 2026-03-03",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37143"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8147-1 vom 2026-04-06",
"url": "https://ubuntu.com/security/notices/USN-8147-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273312 vom 2026-05-18",
"url": "https://www.ibm.com/support/pages/node/7273312"
}
],
"source_lang": "en-US",
"title": "libarchive: Schwachstelle erm\u00f6glicht Denial of Service und potenziell Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2026-05-18T22:00:00.000+00:00",
"generator": {
"date": "2026-05-19T08:36:10.577+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1748",
"initial_release_date": "2025-08-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IGEL aufgenommen"
},
{
"date": "2025-08-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora und Securepoint aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-20T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-08-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-01T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-09-14T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-09-15T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-21T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-29T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-11-20T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-15T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2026-04-06T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "31"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade SANnav",
"product": {
"name": "Broadcom Brocade SANnav",
"product_id": "T050389",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Virtual Edition",
"product": {
"name": "Dell NetWorker Virtual Edition",
"product_id": "T048226",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual_edition"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.5-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c13.5-STABLE",
"product_id": "T042750"
}
},
{
"category": "product_version",
"name": "13.5-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS 13.5-STABLE",
"product_id": "T042750-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:13.5-stable"
}
}
},
{
"category": "product_version_range",
"name": "\u003c14.3-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c14.3-STABLE",
"product_id": "T045955"
}
},
{
"category": "product_version",
"name": "14.3-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS 14.3-STABLE",
"product_id": "T045955-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:14.3-stable"
}
}
}
],
"category": "product_name",
"name": "FreeBSD OS"
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.16.0",
"product": {
"name": "IBM App Connect Enterprise \u003c12.16.0",
"product_id": "T047348"
}
},
{
"category": "product_version",
"name": "12.16.0",
"product": {
"name": "IBM App Connect Enterprise 12.16.0",
"product_id": "T047348-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.16.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.16",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.16",
"product_id": "T047349"
}
},
{
"category": "product_version",
"name": "12.0.16",
"product": {
"name": "IBM App Connect Enterprise 12.0.16",
"product_id": "T047349-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.16"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "T048379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
},
{
"category": "product_version",
"name": "Container",
"product": {
"name": "IBM MQ Container",
"product_id": "T040640",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:container"
}
}
}
],
"category": "product_name",
"name": "MQ"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS",
"product": {
"name": "IGEL OS",
"product_id": "T017865",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.8.0",
"product": {
"name": "Open Source libarchive \u003c3.8.0",
"product_id": "T045954"
}
},
{
"category": "product_version",
"name": "3.8.0",
"product": {
"name": "Open Source libarchive 3.8.0",
"product_id": "T045954-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libarchive:libarchive:3.8.0"
}
}
}
],
"category": "product_name",
"name": "libarchive"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "T044137",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.27",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.27",
"product_id": "T048184"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.27",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.27",
"product_id": "T048184-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.27"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c14.0.8.2",
"product": {
"name": "Securepoint UTM \u003c14.0.8.2",
"product_id": "T046314"
}
},
{
"category": "product_version",
"name": "14.0.8.2",
"product": {
"name": "Securepoint UTM 14.0.8.2",
"product_id": "T046314-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:securepoint:unified_threat_management:14.0.8.2"
}
}
}
],
"category": "product_name",
"name": "UTM"
}
],
"category": "vendor",
"name": "Securepoint"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"product_status": {
"known_affected": [
"67646",
"T048184",
"T050389",
"T036688",
"T004914",
"74185",
"T039664",
"T044137",
"T042750",
"T045954",
"T046314",
"T047348",
"T047349",
"2951",
"T002207",
"T017865",
"T045955",
"T000126",
"T040640",
"T048226",
"T048379"
]
},
"release_date": "2025-08-07T22:00:00.000+00:00",
"title": "CVE-2025-5914"
}
]
}
WID-SEC-W-2025-2043
Vulnerability from csaf_certbund - Published: 2025-09-11 22:00 - Updated: 2025-10-01 22:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand zu erzeugen, um Dateien zu manipulieren und um nicht nächer spezifizierte Auswirkungen zu erzielen..
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP13 IF02
IBM / QRadar SIEM
|
<7.5.0 UP13 IF02 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand zu erzeugen, um Dateien zu manipulieren und um nicht n\u00e4cher spezifizierte Auswirkungen zu erzielen..",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2043 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2043.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2043 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2043"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7244784 vom 2025-09-12",
"url": "https://www.ibm.com/support/pages/node/7244784"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7244786 vom 2025-09-12",
"url": "https://www.ibm.com/support/pages/node/7244786"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17161 vom 2025-10-01",
"url": "https://access.redhat.com/errata/RHSA-2025:17161"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-01T22:00:00.000+00:00",
"generator": {
"date": "2025-10-02T08:18:55.515+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2043",
"initial_release_date": "2025-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-14T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-29120"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP13 IF02",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP13 IF02",
"product_id": "T046961"
}
},
{
"category": "product_version",
"name": "7.5.0 UP13 IF02",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP13 IF02",
"product_id": "T046961-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0:up13_if02"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47670",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2021-47670"
},
{
"cve": "CVE-2023-49083",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2024-56644",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2024-56644"
},
{
"cve": "CVE-2025-21727",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21759",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-22058",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-22058"
},
{
"cve": "CVE-2025-22097",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-22097"
},
{
"cve": "CVE-2025-37914",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-37914"
},
{
"cve": "CVE-2025-38085",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38159",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38200",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38250",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-38250"
},
{
"cve": "CVE-2025-38380",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-5914",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-5914"
},
{
"cve": "CVE-2025-5994",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-5994"
},
{
"cve": "CVE-2025-6020",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-6020"
},
{
"cve": "CVE-2025-6032",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-8194",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-0164",
"product_status": {
"known_affected": [
"67646",
"T046961"
]
},
"release_date": "2025-09-11T22:00:00.000+00:00",
"title": "CVE-2025-0164"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…