
Fedora 42: Fix for Critical 7-Zip Remote Code Execution in RetroArch

December 25, 2025
Critical update for Fedora 42's RetroArch resolves multiple 7-Zip vulnerabilities. Install immediately for enhanced security.
Update to 1.22.0

Summary

libretro is an API that exposes generic audio/video/input callbacks. A frontend for libretro (such as RetroArch) handles video output, audio output, input and application lifecycle. A libretro core written in portable C or C++ can run seamlessly on many platforms with very little to no porting effort.

While RetroArch is the reference frontend for libretro, several other projects have used the libretro interface to include support for emulators and/or game engines. libretro is completely open and free for anyone to use.

For how to download and install more libretro cores, please read the included README.fedora.md file.

Update Information:

Update to 1.22.0

Change Log

* Thu Dec 18 2025 Artem Polishchuk - 1.22.0-1
- Update to 1.22.0
* Thu Nov 6 2025 Dominik 'Rathann' Mierzejewski - 1.19.0-15
- Fixed build with FFmpeg 8
* Wed Oct 15 2025 Dominik 'Rathann' Mierzejewski - 1.19.0-14
- Rebuilt for FFmpeg 8
* Fri Jul 25 2025 Fedora Release Engineering - 1.19.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 27 2025 Jitka Plesnikova - 1.19.0-12
- Rebuilt for flac 1.5.0

References


[ 1 ] Bug #2290413 - retroarch-1.22.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2290413
[ 2 ] Bug #2381834 - CVE-2025-53817 retroarch: 7-Zip Null pointer array write [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2381834
[ 3 ] Bug #2381837 - CVE-2025-53816 retroarch: 7-Zip heap buffer overflow [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2381837
[ 4 ] Bug #2387650 - CVE-2025-55188 retroarch: 7-Zip Symbolic Link Extraction Vulnerability [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2387650
[ 5 ] Bug #2389431 - CVE-2025-9136 retroarch: libretro RetroArch file_stream.c filestream_vscanf out-of-bounds [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2389431
[ 6 ] Bug #2415383 - Broken AppStream metadata
      https://bugzilla.redhat.com/show_bug.cgi?id=2415383
[ 7 ] Bug #2418241 - CVE-2025-11001 retroarch: 7-Zip ZIP File Parsing Directory Traversal Remote Code Executio...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-dda924d757' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
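
To confirm that a host has actually picked up the fixed build after running the upgrade, the installed retroarch version and release can be compared against the 1.22.0-1.fc42 build named in this advisory. The script below is an added example, not part of the Fedora advisory; the function names are illustrative, and it assumes GNU `sort -V` ordering is an adequate stand-in for RPM's own version comparison on plain dotted numeric versions like these.

```bash
#!/bin/sh
# Added example: classify a retroarch build against the fixed build
# from this advisory (Version 1.22.0, Release 1.fc42).

FIXED_VERSION="1.22.0"   # from the advisory
FIXED_RELEASE="1"        # from the advisory, dist tag (.fc42) stripped

# ver_ge A B: succeeds when A >= B under "sort -V" ordering.
# Assumption: this approximates RPM comparison for dotted numeric strings;
# it is not a full rpmvercmp implementation.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# classify_build VERSION RELEASE: prints "fixed" or "needs-update".
classify_build() {
    cb_version="$1"
    cb_release="${2%%.fc*}"          # "15.fc42" -> "15"
    if [ "$cb_version" = "$FIXED_VERSION" ]; then
        # Same upstream version: the package release decides.
        if ver_ge "$cb_release" "$FIXED_RELEASE"; then
            echo fixed
        else
            echo needs-update
        fi
    elif ver_ge "$cb_version" "$FIXED_VERSION"; then
        echo fixed
    else
        echo needs-update
    fi
}

# check_host: query the local RPM database and classify what is installed.
# Prints "not-installed" when the package (or rpm itself) is absent.
check_host() {
    ch_vr="$(rpm -q --qf '%{VERSION} %{RELEASE}\n' retroarch 2>/dev/null | head -n1)"
    if [ -z "$ch_vr" ] || [ "${ch_vr#package }" != "$ch_vr" ]; then
        echo not-installed
        return 0
    fi
    set -- $ch_vr                    # split "VERSION RELEASE" into $1 $2
    classify_build "$1" "$2"
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with `--check` on the Fedora 42 host; a result of `needs-update` means the `dnf upgrade --advisory` command above has not yet been applied.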

Severity: critical

Name: retroarch
Product: Fedora 42
Version: 1.22.0
Release: 1.fc42
Summary: Cross-platform, sophisticated frontend for the libretro API.
