{"id":"RHSA-2025:9431","summary":"Red Hat Security Advisory: libarchive security update","modified":"2026-03-18T11:09:27Z","published":"2025-06-25T10:06:24Z","upstream":["CVE-2025-25724"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9431"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349221"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9431.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-25724"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-25724"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25724"},{"type":"ARTICLE","url":"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"},{"type":"ARTICLE","url":"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"},{"type":"ARTICLE","url":"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"}],"affected":[{"package":{"name":"bsdcat-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/bsdcat-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"bsdcpio-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/bsdcpio-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"bsdtar","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/bsdtar"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"bsdtar-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/bsdtar-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libarchive"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libarchive-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive-debugsource","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libarchive-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive-devel","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libarchive-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"bsdcat-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/bsdcat-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"bsdcpio-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/bsdcpio-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"bsdtar","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/bsdtar"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"bsdtar-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/bsdtar-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libarchive"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libarchive-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive-debugsource","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libarchive-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}},{"package":{"name":"libarchive-devel","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libarchive-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.el9_6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:9431.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}