Mageia 2025-0102: libarchive Security Advisory Updates

mageia

March 17, 2025

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted...

Summary

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. (CVE-2025-25724

References

- https://bugs.mageia.org/show_bug.cgi?id=34102

- https://www.cve.org/CVERecord?id=CVE-2025-25724

Topics Covered

security advisory denial of service security update libarchive Mageia tar utility

Resolution

SRPMS

- 9/core/libarchive-3.6.2-5.4.mga9

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 17 Mar 2025

URL: https://advisories.mageia.org/MGASA-2025-0102.html

Type: security

CVE: CVE-2025-25724

Topics Covered

security advisory denial of service security update libarchive Mageia tar utility

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 2025-0102: libarchive Security Advisory Updates

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 2025-0102: libarchive Security Advisory Updates

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!