openSUSE: 7zip Moderate Security Update DoS Issues openSUSE-SU-2025:0339-1
opensuse
September 8, 2025
An update that solves two vulnerabilities and has one errata is now available
Description
This update for 7zip fixes the following issues:
- Update to 25.01 (boo#1249130)
* The code for handling symbolic links has been changed to provide
greater security when extracting files from archives
* Command line switch -snld20 can be used to bypass default security
checks when creating symbolic links.
- includes changes from 25.00:
* bzip2 compression speed was increased by 15-40%.
* deflate (zip/gz) compression speed was increased by 1-3%.
* improved support for zip, cpio and fat archives.
* CVE-2025-53816 : 7-Zip could work incorrectly for some incorrect RAR
archives (boo#1246706)
* CVE-2025-53817 : 7-Zip could crash for some incorrect COM (Compound
File) archives (boo#1246707)
- Update to 24.09:
* The default dictionary size values for LZMA/LZMA2 compression methods
were increased
* 7-Zip now can calculate the following hash checksums: SHA-512,
SHA-384, SHA3-256 and MD5.
*...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.6:
zypper in -t patch openSUSE-2025-339=1
Package List
- openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64):
7zip-25.01-lp156.2.3.1
References
https://www.suse.com/security/cve/CVE-2025-53816.html
https://www.suse.com/security/cve/CVE-2025-53817.html
https://bugzilla.suse.com/1246706
https://bugzilla.suse.com/1246707
https://bugzilla.suse.com/1249130
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!