Alerts This Week
Warning Icon 1 1,365
Alerts This Week
Warning Icon 1 1,365

openSUSE 7zip Important Denial Of Service Vulnern 2026-21038-1

opensuse
Calendar Grey June 30, 2026
Dist Opensuse Esm H88
A security update for openSUSE addresses 8 vulnerabilities in 7zip software ensuring enhanced protection against risks.
An update that solves 8 vulnerabilities and has 8 bug fixes can now be installed.

Description

This update for 7zip fixes the following issues

Update to 26.01:

- CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure (bsc#1267858).

- CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation (bsc#1267421).

- CVE-2026-48101: Information Disclosure via uninitialized memory in UEFI capsule parser (bsc#1267859).

- CVE-2026-48102: Information disclosure and denial of service via crafted UDF image (bsc#1267860).

- CVE-2026-48103: off-by-one heap out-of-bounds read (bsc#1267861).

- CVE-2026-48104: Uninitialized heap read in SquashFS archive handler (bsc#1267862).

- CVE-2026-48111: off-by-one out-of-bounds read in ParseDepedencyExpression function (bsc#1267863).

- CVE-2026-48112: heap out-of-bounds read in BSD SYMDEF parser (bsc#1267864).

Changes:

* linux version of 7-Zip can use huge pages (2 MB pages). It can

increase compression speed for 10% for 7z/xz/LZMA/LZMA2 compression.

* new -spo[d|c|r] switch specifies the...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service important heap overflow information disclosure OpenSUSE

Patch

Package List

- openSUSE Leap 16.0:

7zip-26.01-160000.1.1

References

* bsc#1267421

* bsc#1267858

* bsc#1267859

* bsc#1267860

* bsc#1267861

* bsc#1267862

* bsc#1267863

* bsc#1267864

References:

* https://www.suse.com/security/cve/CVE-2026-48092.html

* https://www.suse.com/security/cve/CVE-2026-48095.html

* https://www.suse.com/security/cve/CVE-2026-48101.html

* https://www.suse.com/security/cve/CVE-2026-48102.html

* https://www.suse.com/security/cve/CVE-2026-48103.html

* https://www.suse.com/security/cve/CVE-2026-48104.html

* https://www.suse.com/security/cve/CVE-2026-48111.html

* https://www.suse.com/security/cve/CVE-2026-48112.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21038-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory denial of service important heap overflow information disclosure OpenSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here