Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 24.04 LTS: USN-7454-1 critical: libarchive denial of service

Calendar Apr 23, 2025 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service software update code execution ubuntu libarchive
Several security issues were fixed in libarchive. 
==========================================================================
Ubuntu Security Notice USN-7454-1
April 23, 2025

libarchive vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in libarchive.

Software Description:
- libarchive: Library to read/write archive files

Details:

It was discovered that the libarchive bsdunzip utility incorrectly handled
certain ZIP archive files. If a user or automated system were tricked into
processing a specially crafted ZIP archive, an attacker could use this
issue to cause libarchive to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS,
Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-1632)

It was discovered that libarchive incorrectly handled certain TAR archive
files. If a user or automated system were tricked into processing a
specially crafted TAR archive, an attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2025-25724)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
   libarchive-tools                3.7.7-0ubuntu2.1
   libarchive13t64                 3.7.7-0ubuntu2.1

Ubuntu 24.10
   libarchive-tools                3.7.4-1ubuntu0.2
   libarchive13t64                 3.7.4-1ubuntu0.2

Ubuntu 24.04 LTS
   libarchive-tools                3.7.2-2ubuntu0.4
   libarchive13t64                 3.7.2-2ubuntu0.4

Ubuntu 22.04 LTS
   libarchive-tools                3.6.0-1ubuntu1.4
   libarchive13                    3.6.0-1ubuntu1.4

Ubuntu 20.04 LTS
   libarchive-tools                3.4.0-2ubuntu1.5
   libarchive13                    3.4.0-2ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7454-1
   CVE-2025-1632, CVE-2025-25724

Package Information:
   https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ubuntu2.1
   https://launchpad.net/ubuntu/+source/libarchive/3.7.4-1ubuntu0.2
   https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.4
   https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.4
   https://launchpad.net/ubuntu/+source/libarchive/3.4.0-2ubuntu1.5

Ubuntu 24.04 LTS: USN-7454-1 critical: libarchive denial of service

ubuntu
Calendar Grey April 23, 2025
Dist Ubuntu Esm H88
Numerous vulnerabilities in libarchive necessitate urgent patches for Ubuntu installations. Safeguard your system today!
Several security issues were fixed in libarchive.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in libarchive. Software Description: - libarchive: Library to read/write archive files Details: It was discovered that the libarchive bsdunzip utility incorrectly handled certain ZIP archive files. If a user or automated system were tricked into processing a specially crafted ZIP archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-1632) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could use this issue to cause libarchive to crash, resulting...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service software update code execution ubuntu libarchive

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libarchive-tools 3.7.7-0ubuntu2.1 libarchive13t64 3.7.7-0ubuntu2.1 Ubuntu 24.10 libarchive-tools 3.7.4-1ubuntu0.2 libarchive13t64 3.7.4-1ubuntu0.2 Ubuntu 24.04 LTS libarchive-tools 3.7.2-2ubuntu0.4 libarchive13t64 3.7.2-2ubuntu0.4 Ubuntu 22.04 LTS libarchive-tools 3.6.0-1ubuntu1.4 libarchive13 3.6.0-1ubuntu1.4 Ubuntu 20.04 LTS libarchive-tools 3.4.0-2ubuntu1.5 libarchive13 3.4.0-2ubuntu1.5 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7454-1

CVE-2025-1632, CVE-2025-25724

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7454-1

Topics%20covered

Topics Covered

security advisory denial of service software update code execution ubuntu libarchive

Package Information

https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ubuntu2.1 https://launchpad.net/ubuntu/+source/libarchive/3.7.4-1ubuntu0.2 https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.4 https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.4 https://launchpad.net/ubuntu/+source/libarchive/3.4.0-2ubuntu1.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here