ALSA-2025:7524

[ALSA-2025:7524] Important: xz security update

Type:

security

Severity:

important

Release date:

2025-06-16

Description:

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.  

Security Fix(es):  

  * xz: XZ has a heap-use-after-free bug in threaded .xz decoder (CVE-2025-31115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	xz-5.6.2-4.el10_0.aarch64.rpm	023389fab7fef4e28002a18562da52e029daab2ef5e356180b0fe6142a3ec024
aarch64	xz-lzma-compat-5.6.2-4.el10_0.aarch64.rpm	0d4948b7147255434a079c3508fe9725b158e483acd336b05e95d99a7a6268c6
aarch64	xz-libs-5.6.2-4.el10_0.aarch64.rpm	2b69ce283d825b3b99a888ee4e417dce967102eb80bdbf757c7506aa2e441651
aarch64	xz-devel-5.6.2-4.el10_0.aarch64.rpm	f6b9843c41fc22d0993e1136bab576b0deca0a823bc1f2c4672c2be9c785ba6d
ppc64le	xz-devel-5.6.2-4.el10_0.ppc64le.rpm	212b578596eefc6f25184a8d748d936be67d65014c9eb4ce477e939d0410f4f8
ppc64le	xz-lzma-compat-5.6.2-4.el10_0.ppc64le.rpm	7b6168a508747ec65a23c3f7dc60db5bf8a26b62143a2d9f216f01bec3c298ef
ppc64le	xz-libs-5.6.2-4.el10_0.ppc64le.rpm	cafac0ded33fee2d497f0d6f0a2c37483021a4c911e3a0741aaa712a1ee6012d
ppc64le	xz-5.6.2-4.el10_0.ppc64le.rpm	e1adaa240e20f429314c6afb6b8d53b2dc2ac3cda2fe2936234a1fae0b8bd949
s390x	xz-libs-5.6.2-4.el10_0.s390x.rpm	0315a20d525fcf25bcf52ac062a02946c13227722e0b3034490d56a99c8c037f
s390x	xz-lzma-compat-5.6.2-4.el10_0.s390x.rpm	080f13126742fbda10672dbf7b29693ec452f3b41c9ba90956552dde6cffe774
s390x	xz-5.6.2-4.el10_0.s390x.rpm	9e790abd15dff435349de8b7eea92297043e06ca63a96d94d38c098a43ff2b25
s390x	xz-devel-5.6.2-4.el10_0.s390x.rpm	c0c64d2d2e7eab621f4c2c40f110dfbf01aac00cc5b979d990ce6cc9cbda6c13
x86_64	xz-devel-5.6.2-4.el10_0.x86_64.rpm	131da966c72950c50d101a0958e35faaf4746e039691a93a1e84dc955c1470fc
x86_64	xz-libs-5.6.2-4.el10_0.x86_64.rpm	371d79dae3790ad776f91888f2b5065eefa36d2265b0e2b103890ee2be0781f0
x86_64	xz-5.6.2-4.el10_0.x86_64.rpm	5bc8b695fe3e486000dc0be7a1b3484754e705f0a3522c07269d460d96f1b926
x86_64	xz-lzma-compat-5.6.2-4.el10_0.x86_64.rpm	98be69774ca09ea3451ae04d754ca462e695dadd7464bf2e3d8360622bcde290
x86_64_v2	xz-lzma-compat-5.6.2-4.el10_0.x86_64_v2.rpm	467078e7ab2d60b09bd70548139f39474422592df480762c40888c333200372b
x86_64_v2	xz-devel-5.6.2-4.el10_0.x86_64_v2.rpm	91547781b065a70683d73be32ae95f838e46b94bfbb75fbed4dc348cf33b4d23
x86_64_v2	xz-libs-5.6.2-4.el10_0.x86_64_v2.rpm	b7c86e6258fbaa517d906a7c941b1ecdf46876afc8e5a678f3510831af850b7b
x86_64_v2	xz-5.6.2-4.el10_0.x86_64_v2.rpm	c00d63d8b9cb2370b0ad30d9541c07c53eb4e102cb0ab5a5d2fc7512ae484b4b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.