Home / mailingsPDF  

[USN-7601-1] libarchive vulnerabilities

Posted on 26 June 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7601-1
June 26, 2025

libarchive vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libarchive.

Software Description:
- libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain RAR archive
files. An attacker could possibly use this issue to execute arbitrary
code or cause a denial of service. (CVE-2025-5914)

It was discovered that libarchive incorrectly handled certain RAR archive
files. An attacker could possibly use this issue to read sensitive data
or cause a denial of service. (CVE-2025-5915)

It was discovered that libarchive incorrectly handled certain WARC
archive files. If a user or automated system were tricked into processing
a specially crafted WARC archive, an attacker could use this issue to
cause libarchive to crash, resulting in a denial of service.
(CVE-2025-5916)

It was discovered that libarchive incorrectly handled certain file names
when handling prefixes and suffixes. An attacker could possibly use this
issue to cause libarchive to crash, resulting in a denial of service.
(CVE-2025-5917)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libarchive13t64 3.7.7-0ubuntu2.3

Ubuntu 24.10
libarchive13t64 3.7.4-1ubuntu0.3

Ubuntu 24.04 LTS
libarchive13t64 3.7.2-2ubuntu0.5

Ubuntu 22.04 LTS
libarchive13 3.6.0-1ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7601-1
CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917

Package Information:
https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ubuntu2.3
https://launchpad.net/ubuntu/+source/libarchive/3.7.4-1ubuntu0.3
https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.5
https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.5

--===============2838414081856171868==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :