Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 11 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0241.html Type: security Affected Mageia releases: 10 CVE: CVE-2025-60753, CVE-2026-4111, CVE-2026-4424, CVE-2026-4426, CVE-2026-5121, CVE-2026-5745 Description: The updated packages fix bugs including security ones. References: - https://bugs.mageia.org/show_bug.cgi?id=35836 - https://github.com/libarchive/libarchive/releases/tag/v3.8.8 - https://www.cve.org/CVERecord?id=CVE-2025-60753 - https://www.cve.org/CVERecord?id=CVE-2026-4111 - https://www.cve.org/CVERecord?id=CVE-2026-4424 - https://www.cve.org/CVERecord?id=CVE-2026-4426 - https://www.cve.org/CVERecord?id=CVE-2026-5121 - https://www.cve.org/CVERecord?id=CVE-2026-5745 SRPMS: - 10/core/libarchive-3.8.8-1.mga10 . The Mageia 10 security update addresses critical issues in libarchive, enhancing overall system security and stability.. Mageia security libarchive updates CVE fixes. . Severity: Important. LinuxSecurity.com Team
An update that solves four vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:2747-1 Release Date: 2026-07-03T11:46:45Z Rating: important References: * bsc#1253088 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs andOOMs with zero-length pattern matches (bsc#1253088). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2747=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2747=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libarchive-debugsource-3.3.3-32.17.1 * libarchive13-3.3.3-32.17.1 * libarchive-devel-3.3.3-32.17.1 * libarchive13-debuginfo-3.3.3-32.17.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libarchive-debugsource-3.3.3-32.17.1 * libarchive13-3.3.3-32.17.1 * libarchive-devel-3.3.3-32.17.1 * libarchive13-debuginfo-3.3.3-32.17.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . SUSE updates libarchive to fix four issues, including info disclosure and code execution risks, ensuring system integrity.. SUSE security update, libarchive vulnerabilities, information disclosure, arbitrary codeexecution. . Severity: Important. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:22241-1 Release Date: 2026-06-18T08:00:08Z Rating: important References: * bsc#1253088 * bsc#1259635 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4111 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4111 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs and OOMs with zero-length patternmatches (bsc#1253088). * CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half- window output limiter leads to infinite loop and DoS (bsc#1259635). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-762=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libarchive13-debuginfo-3.6.2-6.1 * libarchive13-3.6.2-6.1 * libarchive-debugsource-3.6.2-6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4111.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259635 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . Five vulnerabilities in libarchive have received an important security update. Ensure system integrity with this patch.. SUSE vulnerabilities libarchive security update important. . Severity: Important. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:22248-1 Release Date: 2026-06-22T09:08:13Z Rating: important References: * bsc#1253088 * bsc#1259635 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4111 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4111 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs and OOMs with zero-length patternmatches (bsc#1253088). * CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half- window output limiter leads to infinite loop and DoS (bsc#1259635). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-586=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64) * libarchive13-debuginfo-3.7.4-slfo.1.1_4.1 * libarchive-debugsource-3.7.4-slfo.1.1_4.1 * libarchive13-3.7.4-slfo.1.1_4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4111.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259635 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . An important security update for SUSE addressing multiple vulnerabilities in libarchive including DoS and information disclosure issues.. SUSE security update, libarchive vulnerabilities, SUSE Linux Micro patch, libarchive security advisory, important SUSE update. . Severity: Important. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:2599-1 Release Date: 2026-06-23T15:41:10Z Rating: important References: * bsc#1253088 * bsc#1259635 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4111 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4111 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise HighPerformance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches (bsc#1253088). * CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half- window output limiter leads to infinite loop and DoS (bsc#1259635). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2599=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2599=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2599=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patchSUSE-SLE-Micro-5.3-2026-2599=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2599=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2599=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2599=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2599=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2599=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2599=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2599=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2599=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2599=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2599=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * openSUSE Leap 15.4 (x86_64) * libarchive13-32bit-debuginfo-3.5.1-150400.3.24.1 * libarchive13-32bit-3.5.1-150400.3.24.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libarchive13-64bit-3.5.1-150400.3.24.1 * libarchive13-64bit-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4111.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259635 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . # Security update for libarchive Announcement ID:SUSE-SU-2026:2599-1 Release Date: 2026-06-23T15:41. update, solves, vulnerabilities, installed, security, libarchive. . Severity: Important. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:2599-1 Release Date: 2026-06-23T15:41:10Z Rating: important References: * bsc#1253088 * bsc#1259635 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4111 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4111 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise HighPerformance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches (bsc#1253088). * CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half- window output limiter leads to infinite loop and DoS (bsc#1259635). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2599=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2599=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2599=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patchSUSE-SLE-Micro-5.3-2026-2599=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2599=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2599=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2599=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2599=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2599=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2599=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2599=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2599=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2599=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2599=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * openSUSE Leap 15.4 (x86_64) * libarchive13-32bit-debuginfo-3.5.1-150400.3.24.1 * libarchive13-32bit-3.5.1-150400.3.24.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libarchive13-64bit-3.5.1-150400.3.24.1 * libarchive13-64bit-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * bsdtar-debuginfo-3.5.1-150400.3.24.1 * bsdtar-3.5.1-150400.3.24.1 * libarchive13-3.5.1-150400.3.24.1 * libarchive-debugsource-3.5.1-150400.3.24.1 * libarchive-devel-3.5.1-150400.3.24.1 * libarchive13-debuginfo-3.5.1-150400.3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4111.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259635 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . Important security update for libarchive solves five issues,addressing critical vulnerabilities ensuring system protection.. SUSE libarchive security important update. . Severity: Important. LinuxSecurity.com Team
New libarchive packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2026-174-01) New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ Tue Jun 23 23:52:16 UTC 2026 patches/packages/libarchive-3.8.8-i586-1_slack15.0.txz: Upgraded. Libarchive 3.8.8 is a security, bugfix and minor feature release. For more information, see: https://github.com/libarchive/libarchive/releases/tag/v3.8.8 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libarchive-3.8.8-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libarchive-3.8.8-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libarchive-3.8.8-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libarchive-3.8.8-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 92a429019be6ee0e4c8e0018e0d50aae libarchive-3.8.8-i586-1_slack15.0.txz Slackware x86_64 15.0 package: a91182d3983797f1c9859f26f9d720f0 libarchive-3.8.8-x86_64-1_slack15.0.txz Slackware -current package: 5a3cd2b58a71e4493a12e88d07d05386 l/libarchive-3.8.8-i686-1.txz Slackware x86_64 -current package: 3cbf0b1d3cd3a6491be490edc890c270 l/libarchive-3.8.8-x86_64-1.txz Installationinstructions: +------------------------+ Upgrade the package as root: # upgradepkg libarchive-3.8.8-i586-1_slack15.0.txz +-----+ . New Slackware packages fix security issues in libarchive. Upgrade to mitigate risks associated with this update.. libarchive update, slackware security, package upgrade. . Severity: Critical. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for libarchive Announcement ID: SUSE-SU-2026:2490-1 Release Date: 2026-06-22T12:34:32Z Rating: important References: * bsc#1253088 * bsc#1259635 * bsc#1259928 * bsc#1259931 * bsc#1261186 Cross-References: * CVE-2025-60753 * CVE-2026-4111 * CVE-2026-4424 * CVE-2026-4426 * CVE-2026-5121 CVSS scores: * CVE-2025-60753 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-4111 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4426 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5121 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux EnterpriseServer 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues * CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches (bsc#1253088). * CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half- window output limiter leads to infinite loop and DoS (bsc#1259635). * CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing (bsc#1259928). * CVE-2026-4426: undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code (bsc#1259931). * CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660 image processing (bsc#1261186). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2490=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2490=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2490=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2490=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2490=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * libarchive13-3.7.2-150600.3.20.1 * bsdtar-debuginfo-3.7.2-150600.3.20.1 * libarchive-devel-3.7.2-150600.3.20.1 * libarchive13-debuginfo-3.7.2-150600.3.20.1 * bsdtar-3.7.2-150600.3.20.1 * libarchive-debugsource-3.7.2-150600.3.20.1 * openSUSE Leap 15.6 (x86_64) *libarchive13-32bit-debuginfo-3.7.2-150600.3.20.1 * libarchive13-32bit-3.7.2-150600.3.20.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libarchive13-64bit-3.7.2-150600.3.20.1 * libarchive13-64bit-debuginfo-3.7.2-150600.3.20.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libarchive13-3.7.2-150600.3.20.1 * bsdtar-debuginfo-3.7.2-150600.3.20.1 * libarchive-devel-3.7.2-150600.3.20.1 * libarchive13-debuginfo-3.7.2-150600.3.20.1 * bsdtar-3.7.2-150600.3.20.1 * libarchive-debugsource-3.7.2-150600.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libarchive13-3.7.2-150600.3.20.1 * bsdtar-debuginfo-3.7.2-150600.3.20.1 * libarchive-devel-3.7.2-150600.3.20.1 * libarchive13-debuginfo-3.7.2-150600.3.20.1 * bsdtar-3.7.2-150600.3.20.1 * libarchive-debugsource-3.7.2-150600.3.20.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * bsdtar-debuginfo-3.7.2-150600.3.20.1 * bsdtar-3.7.2-150600.3.20.1 * libarchive-debugsource-3.7.2-150600.3.20.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libarchive13-debuginfo-3.7.2-150600.3.20.1 * libarchive-devel-3.7.2-150600.3.20.1 * libarchive-debugsource-3.7.2-150600.3.20.1 * libarchive13-3.7.2-150600.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2025-60753.html * https://www.suse.com/security/cve/CVE-2026-4111.html * https://www.suse.com/security/cve/CVE-2026-4424.html * https://www.suse.com/security/cve/CVE-2026-4426.html * https://www.suse.com/security/cve/CVE-2026-5121.html * https://bugzilla.suse.com/show_bug.cgi?id=1253088 * https://bugzilla.suse.com/show_bug.cgi?id=1259635 * https://bugzilla.suse.com/show_bug.cgi?id=1259928 * https://bugzilla.suse.com/show_bug.cgi?id=1259931 * https://bugzilla.suse.com/show_bug.cgi?id=1261186 . This update addresses critical issues in libarchive for openSUSE ensuring enhanced security against multiple risks.. libarchive update,openSUSE security, important patch, libarchive vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.