
Ubuntu 24.04 LTS: USN-7454-1 critical: libarchive denial of service

April 23, 2025

Summary

Several security issues were fixed in libarchive.

Software Description:

- libarchive: Library to read/write archive files

Details:

It was discovered that the libarchive bsdunzip utility incorrectly handled
certain ZIP archive files. If a user or automated system were tricked into
processing a specially crafted ZIP archive, an attacker could use this
issue to cause libarchive to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS,
Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-1632)

It was discovered that libarchive incorrectly handled certain TAR archive
files. If a user or automated system were tricked into processing a
specially crafted TAR archive, an attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2025-25724)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
   libarchive-tools                3.7.7-0ubuntu2.1
   libarchive13t64                 3.7.7-0ubuntu2.1

Ubuntu 24.10
   libarchive-tools                3.7.4-1ubuntu0.2
   libarchive13t64                 3.7.4-1ubuntu0.2

Ubuntu 24.04 LTS
   libarchive-tools                3.7.2-2ubuntu0.4
   libarchive13t64                 3.7.2-2ubuntu0.4

Ubuntu 22.04 LTS
   libarchive-tools                3.6.0-1ubuntu1.4
   libarchive13                    3.6.0-1ubuntu1.4

Ubuntu 20.04 LTS
   libarchive-tools                3.4.0-2ubuntu1.5
   libarchive13                    3.4.0-2ubuntu1.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7454-1

CVE-2025-1632, CVE-2025-25724

Severity
critical

Ubuntu Security Notice USN-7454-1
