{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Low" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"libarchive security update", "category":"general", "title":"Synopsis" }, { "text":"An update for libarchive is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use .\n\nSecurity Fix(es):\n\nA vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been classified as critical.CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.(CVE-2025-5914)\n\nA vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been declared as critical.The CWE definition for the vulnerability is CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.(CVE-2025-5915)\n\nA vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Impacted is confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.(CVE-2025-5916)\n\nA vulnerability classified as critical has been found in libarchive up to 3.7.x (File Compression Software).CWE is classifying the issue as CWE-193. A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.(CVE-2025-5917)\n\nA vulnerability classified as critical was found in libarchive up to 3.7.x (File Compression Software).The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.(CVE-2025-5918)", "category":"general", "title":"Description" }, { "text":"An update for libarchive is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Low", "category":"general", "title":"Severity" }, { "text":"libarchive", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1623", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1623" }, { "summary":"CVE-2025-5914", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5914&packageName=libarchive" }, { "summary":"CVE-2025-5915", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5915&packageName=libarchive" }, { "summary":"CVE-2025-5916", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5916&packageName=libarchive" }, { "summary":"CVE-2025-5917", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5917&packageName=libarchive" }, { "summary":"CVE-2025-5918", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5918&packageName=libarchive" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5914" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5915" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5916" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5917" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5918" }, { "summary":"openEuler-SA-2025-1623 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1623.json" } ], "title":"An update for libarchive is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2025-06-13T22:20:24+08:00", "revision_history":[ { "date":"2025-06-13T22:20:24+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-06-13T22:20:24+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-06-13T22:20:24+08:00", "id":"openEuler-SA-2025-1623", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdcat-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"bsdcat-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"bsdcat-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdcpio-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"bsdcpio-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"bsdcpio-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdtar-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"bsdtar-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"bsdtar-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdunzip-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"bsdunzip-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"bsdunzip-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"libarchive-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"libarchive-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-devel-3.7.1-7.oe2403sp1.aarch64.rpm", "name":"libarchive-devel-3.7.1-7.oe2403sp1.aarch64.rpm" }, "name":"libarchive-devel-3.7.1-7.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdcat-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"bsdcat-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"bsdcat-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdcpio-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"bsdcpio-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"bsdcpio-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdtar-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"bsdtar-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"bsdtar-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bsdunzip-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"bsdunzip-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"bsdunzip-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"libarchive-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"libarchive-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-devel-3.7.1-7.oe2403sp1.x86_64.rpm", "name":"libarchive-devel-3.7.1-7.oe2403sp1.x86_64.rpm" }, "name":"libarchive-devel-3.7.1-7.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-3.7.1-7.oe2403sp1.src.rpm", "name":"libarchive-3.7.1-7.oe2403sp1.src.rpm" }, "name":"libarchive-3.7.1-7.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libarchive-help-3.7.1-7.oe2403sp1.noarch.rpm", "name":"libarchive-help-3.7.1-7.oe2403sp1.noarch.rpm" }, "name":"libarchive-help-3.7.1-7.oe2403sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdcat-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "name":"bsdcat-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdcpio-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "name":"bsdcpio-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdtar-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "name":"bsdtar-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdunzip-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "name":"bsdunzip-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "name":"libarchive-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "name":"libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "name":"libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-devel-3.7.1-7.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "name":"libarchive-devel-3.7.1-7.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdcat-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "name":"bsdcat-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdcpio-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "name":"bsdcpio-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdtar-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "name":"bsdtar-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bsdunzip-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "name":"bsdunzip-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "name":"libarchive-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "name":"libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "name":"libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-devel-3.7.1-7.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "name":"libarchive-devel-3.7.1-7.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-3.7.1-7.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "name":"libarchive-3.7.1-7.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libarchive-help-3.7.1-7.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch", "name":"libarchive-help-3.7.1-7.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-5914", "notes":[ { "text":"A vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been classified as critical.CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ], "details":"libarchive security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1623" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-5914" }, { "cve":"CVE-2025-5915", "notes":[ { "text":"A vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been declared as critical.The CWE definition for the vulnerability is CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ], "details":"libarchive security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1623" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-5915" }, { "cve":"CVE-2025-5916", "notes":[ { "text":"A vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Impacted is confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ], "details":"libarchive security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1623" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-5916" }, { "cve":"CVE-2025-5917", "notes":[ { "text":"A vulnerability classified as critical has been found in libarchive up to 3.7.x (File Compression Software).CWE is classifying the issue as CWE-193. A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ], "details":"libarchive security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1623" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":2.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-5917" }, { "cve":"CVE-2025-5918", "notes":[ { "text":"A vulnerability classified as critical was found in libarchive up to 3.7.x (File Compression Software).The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ], "details":"libarchive security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1623" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bsdcat-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdcpio-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdtar-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bsdunzip-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debuginfo-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-debugsource-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-devel-3.7.1-7.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libarchive-3.7.1-7.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libarchive-help-3.7.1-7.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-5918" } ] }