ALSA-2025:14137

[ALSA-2025:14137] Important: libarchive security update

Type:

security

Severity:

important

Release date:

2025-08-20

Description:

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.  

Security Fix(es):  

  * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	bsdtar-3.7.7-4.el10_0.aarch64.rpm	5aceeacbf2f3da7996d7de8c1a40a61bc299ce7f77095f2d0f5f5d1105fff762
aarch64	libarchive-3.7.7-4.el10_0.aarch64.rpm	ac1a25ac26d41961f38d88ae72c81e4669bd6c71a12710db0f961f698ad6843e
aarch64	libarchive-devel-3.7.7-4.el10_0.aarch64.rpm	b2f68279a79f03b22bc096ee039e618a9d9dc8af96f6c2961521e227c09cdf11
ppc64le	bsdtar-3.7.7-4.el10_0.ppc64le.rpm	07cb7dda9db023992a4738e56390f339d258bcabde98e4b2a5aab1023f0dc21a
ppc64le	libarchive-3.7.7-4.el10_0.ppc64le.rpm	6563b743d8fdda61e049724ef9919a3838b0c98902c39ba74344812d82eccf22
ppc64le	libarchive-devel-3.7.7-4.el10_0.ppc64le.rpm	ab6bf5d513647f26993c3d9949e1fa6b06cd8e2cbf03635e30573bbd1d501009
s390x	libarchive-devel-3.7.7-4.el10_0.s390x.rpm	27be631dcaefccd44a816ff6352347225c90535e31ec53540a2fef9524dd86e1
s390x	bsdtar-3.7.7-4.el10_0.s390x.rpm	b2f6b0242dc93038ff4aafbd35b21036bad8e94fcad58eec82ca4454b4f75331
s390x	libarchive-3.7.7-4.el10_0.s390x.rpm	d315d5cdbc5dfcc59bd828eb1c4d476d8085373e0d1399fd83eb84db452ffda3
x86_64	libarchive-devel-3.7.7-4.el10_0.x86_64.rpm	0df1b66346fa1e9781f9f4b58d4ec866574d0db0bf1b8fd8686de4aba337375b
x86_64	bsdtar-3.7.7-4.el10_0.x86_64.rpm	9f5249355c3f92e118fecd10e29e4cab230d4ebca862128c797ab39854df2dea
x86_64	libarchive-3.7.7-4.el10_0.x86_64.rpm	aedcdf18e35e874a32c6af03c69b5abe2198f9f804b04b35f268b322064d90f1
x86_64_v2	libarchive-3.7.7-4.el10_0.x86_64_v2.rpm	07fe1b78a2e4274e9f87d24840713c8faf2f95fe5d29a939ca6959970d707f59
x86_64_v2	libarchive-devel-3.7.7-4.el10_0.x86_64_v2.rpm	11161f02ec862d459a869dcecf5ce6353a6648b9eb4c1db940dc8187eb7520c3
x86_64_v2	bsdtar-3.7.7-4.el10_0.x86_64_v2.rpm	7d908aa6b22af00a3c51bf76617d52c374e2e848df6b11d1b303e56b820f6549

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.