{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"libarchive security update", "category":"general", "title":"Synopsis" }, { "text":"An update for libarchive is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":" is an open-source BSD-licensed C programming library that \nprovides streaming access to a variety of different archive formats,\nincluding tar, cpio, pax, zip, and ISO9660 images. The distribution \nalso includes bsdtar and bsdcpio, full-featured implementations of \ntar and cpio that use .\n\nSecurity Fix(es):\n\nA vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.(CVE-2025-1632)\n\nlist_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.(CVE-2025-25724)", "category":"general", "title":"Description" }, { "text":"An update for libarchive is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"libarchive", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1310", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1310" }, { "summary":"CVE-2025-1632", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-1632&packageName=libarchive" }, { "summary":"CVE-2025-25724", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-25724&packageName=libarchive" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1632" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25724" }, { "summary":"openEuler-SA-2025-1310 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1310.json" } ], "title":"An update for libarchive is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2025-03-21T21:19:31+08:00", "revision_history":[ { "date":"2025-03-21T21:19:31+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-03-21T21:19:31+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-03-21T21:19:31+08:00", "id":"openEuler-SA-2025-1310", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdcat-3.7.1-6.oe2403.aarch64.rpm", "name":"bsdcat-3.7.1-6.oe2403.aarch64.rpm" }, "name":"bsdcat-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdcpio-3.7.1-6.oe2403.aarch64.rpm", "name":"bsdcpio-3.7.1-6.oe2403.aarch64.rpm" }, "name":"bsdcpio-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdtar-3.7.1-6.oe2403.aarch64.rpm", "name":"bsdtar-3.7.1-6.oe2403.aarch64.rpm" }, "name":"bsdtar-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdunzip-3.7.1-6.oe2403.aarch64.rpm", "name":"bsdunzip-3.7.1-6.oe2403.aarch64.rpm" }, "name":"bsdunzip-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-3.7.1-6.oe2403.aarch64.rpm", "name":"libarchive-3.7.1-6.oe2403.aarch64.rpm" }, "name":"libarchive-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-debuginfo-3.7.1-6.oe2403.aarch64.rpm", "name":"libarchive-debuginfo-3.7.1-6.oe2403.aarch64.rpm" }, "name":"libarchive-debuginfo-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-debugsource-3.7.1-6.oe2403.aarch64.rpm", "name":"libarchive-debugsource-3.7.1-6.oe2403.aarch64.rpm" }, "name":"libarchive-debugsource-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-devel-3.7.1-6.oe2403.aarch64.rpm", "name":"libarchive-devel-3.7.1-6.oe2403.aarch64.rpm" }, "name":"libarchive-devel-3.7.1-6.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdcat-3.7.1-6.oe2403.x86_64.rpm", "name":"bsdcat-3.7.1-6.oe2403.x86_64.rpm" }, "name":"bsdcat-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdcpio-3.7.1-6.oe2403.x86_64.rpm", "name":"bsdcpio-3.7.1-6.oe2403.x86_64.rpm" }, "name":"bsdcpio-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdtar-3.7.1-6.oe2403.x86_64.rpm", "name":"bsdtar-3.7.1-6.oe2403.x86_64.rpm" }, "name":"bsdtar-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bsdunzip-3.7.1-6.oe2403.x86_64.rpm", "name":"bsdunzip-3.7.1-6.oe2403.x86_64.rpm" }, "name":"bsdunzip-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-3.7.1-6.oe2403.x86_64.rpm", "name":"libarchive-3.7.1-6.oe2403.x86_64.rpm" }, "name":"libarchive-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-debuginfo-3.7.1-6.oe2403.x86_64.rpm", "name":"libarchive-debuginfo-3.7.1-6.oe2403.x86_64.rpm" }, "name":"libarchive-debuginfo-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-debugsource-3.7.1-6.oe2403.x86_64.rpm", "name":"libarchive-debugsource-3.7.1-6.oe2403.x86_64.rpm" }, "name":"libarchive-debugsource-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-devel-3.7.1-6.oe2403.x86_64.rpm", "name":"libarchive-devel-3.7.1-6.oe2403.x86_64.rpm" }, "name":"libarchive-devel-3.7.1-6.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-3.7.1-6.oe2403.src.rpm", "name":"libarchive-3.7.1-6.oe2403.src.rpm" }, "name":"libarchive-3.7.1-6.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libarchive-help-3.7.1-6.oe2403.noarch.rpm", "name":"libarchive-help-3.7.1-6.oe2403.noarch.rpm" }, "name":"libarchive-help-3.7.1-6.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdcat-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.aarch64", "name":"bsdcat-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdcpio-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.aarch64", "name":"bsdcpio-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdtar-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.aarch64", "name":"bsdtar-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdunzip-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.aarch64", "name":"bsdunzip-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.aarch64", "name":"libarchive-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-debuginfo-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.aarch64", "name":"libarchive-debuginfo-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-debugsource-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.aarch64", "name":"libarchive-debugsource-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-devel-3.7.1-6.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.aarch64", "name":"libarchive-devel-3.7.1-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdcat-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.x86_64", "name":"bsdcat-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdcpio-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.x86_64", "name":"bsdcpio-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdtar-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.x86_64", "name":"bsdtar-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bsdunzip-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.x86_64", "name":"bsdunzip-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.x86_64", "name":"libarchive-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-debuginfo-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.x86_64", "name":"libarchive-debuginfo-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-debugsource-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.x86_64", "name":"libarchive-debugsource-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-devel-3.7.1-6.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.x86_64", "name":"libarchive-devel-3.7.1-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-3.7.1-6.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.src", "name":"libarchive-3.7.1-6.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libarchive-help-3.7.1-6.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libarchive-help-3.7.1-6.oe2403.noarch", "name":"libarchive-help-3.7.1-6.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-1632", "notes":[ { "text":"A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.src", "openEuler-24.03-LTS:libarchive-help-3.7.1-6.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.src", "openEuler-24.03-LTS:libarchive-help-3.7.1-6.oe2403.noarch" ], "details":"libarchive security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1310" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.src", "openEuler-24.03-LTS:libarchive-help-3.7.1-6.oe2403.noarch" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-1632" }, { "cve":"CVE-2025-25724", "notes":[ { "text":"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.src", "openEuler-24.03-LTS:libarchive-help-3.7.1-6.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.src", "openEuler-24.03-LTS:libarchive-help-3.7.1-6.oe2403.noarch" ], "details":"libarchive security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1310" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.aarch64", "openEuler-24.03-LTS:bsdcat-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdcpio-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdtar-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:bsdunzip-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debuginfo-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-debugsource-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-devel-3.7.1-6.oe2403.x86_64", "openEuler-24.03-LTS:libarchive-3.7.1-6.oe2403.src", "openEuler-24.03-LTS:libarchive-help-3.7.1-6.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-25724" } ] }