Red Hat Product Errata RHSA-2025:14135 - Security Advisory
Issued:
2025-08-20
Updated:
2025-08-20

RHSA-2025:14135 - Security Advisory

Synopsis

Important: libarchive security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libarchive is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

  • libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

  • BZ - 2370861 - CVE-2025-5914 libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Red Hat Enterprise Linux for x86_64 8

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
x86_64
bsdcat-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: 39b57ec1511a83d87b207ef4fc8baa15e2efe2d656ad7662b300af7c6168a329
bsdcat-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: cb3b2f69ed748f7d10511d8ec0535037b210a0f5a6f0c1370b0834911362445b
bsdcpio-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: 07f3e673497d2b8ba23db4b188c06de5bd499505dc428530a5ba47bed385fce8
bsdcpio-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: b18e4481a4aa24ea4ce232d354a73a1dfa534f98508881c42dc7d8780476806b
bsdtar-3.3.3-6.el8_10.x86_64.rpm SHA-256: 907c4f95e0078837717a30f25ece542b2f68468f8da7f1f634239b76d8b78706
bsdtar-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: e3f844a8a5446821f391f27f4467cc4064ed43fc1a014334e753f6e675e89b74
bsdtar-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: cd19626c23b629255a2db4439178d6da06576f3f82334e1036303abde431e2ec
libarchive-3.3.3-6.el8_10.i686.rpm SHA-256: 25b676139644f8f39eddf0a6d5ac02dba1e0da6a2311fe08b0b22decce62b461
libarchive-3.3.3-6.el8_10.x86_64.rpm SHA-256: d9896589fde144ea8a2eb6e489862bdbd99a02489c2519f10428e029ff68dcb9
libarchive-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: c58184bdda2f0058e73a48e471503e8d7bc838c734e0651170e4144c4cf527ea
libarchive-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: 04cb501520d36fcb8cac52a83c5757ef49e271e0919f43e31d482bc29c8eb1b5
libarchive-debugsource-3.3.3-6.el8_10.i686.rpm SHA-256: 8058dcdbf3f3b94e93c496992d6fb8f86b2b67584d9dd8379a2f75a5dff8b04e
libarchive-debugsource-3.3.3-6.el8_10.x86_64.rpm SHA-256: efc09185ef44eef15730c8332813f25a4a25d5bf77cc835d65ebe8e1e96fd5a7

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
s390x
bsdcat-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 412080d8562ed829151015e06ab67319749704f869c7942656a81bdb708d6578
bsdcpio-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 35051a1c139081a89e774bcf3c6be0b39f472f9d1e31a70412d2ab8a0dfeca98
bsdtar-3.3.3-6.el8_10.s390x.rpm SHA-256: 037e11ef1e5a93cbc5ac0ac9b66d0d933060f25c647652cf47387a9ed0d347cc
bsdtar-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 9cb15a82f80faf738e3bd362beadd375928f892fef1ecff7b5e1e2bc380ae01d
libarchive-3.3.3-6.el8_10.s390x.rpm SHA-256: 49d820bd623c6eb8465d785b110c0989fd280bb598f46c0b511deed2a5746cf9
libarchive-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: bbdaf42fdf012de7f22b850cc20f422e6e046c097ed9f9a547b453ab201e7baa
libarchive-debugsource-3.3.3-6.el8_10.s390x.rpm SHA-256: 651a1a3577691d60167f5b4a0d5d828f84e2a77e411fb918dcb012eea93571fe

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
ppc64le
bsdcat-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: e022c8b028501e74f04a9240608769d853b56d87e4e4bf3b3f9f6df19e9aa8a8
bsdcpio-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 503d719eeac9d11f7b7473fd5da363ed6c49be93b76859565d58cd58b53965d9
bsdtar-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6b79771ae01caab0d9d826b10dfd654efe06035b80935dcb1ee7ae09174684c8
bsdtar-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 7826e92af9b5ca569753fa38d18e43d7bd51ed5edd4a6811cb46b699805ac718
libarchive-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 3aa9daf34945b0133c7fd8d87965826b25e033025e4d48ffeb74dbb58df29287
libarchive-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6d84f0bee516a86953e099b47e28e5e0467ca4a0f1095c76f1fa575beee68d30
libarchive-debugsource-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6d331aded935adfa899c5e510cdb071661875b0c358950d8a38fa79805c7c972

Red Hat Enterprise Linux for ARM 64 8

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
aarch64
bsdcat-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 8df756f43a18dbc2d8df8eb2474af4b7e7e71db39329537954c47aec4f5cfc12
bsdcpio-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 805448856a3f874f62fa199db2bb050722da8f3141e021e174ebb3cad68ec54e
bsdtar-3.3.3-6.el8_10.aarch64.rpm SHA-256: 953bef085f7cd5b2b417cb8435330ea2fe3d0dfaa2ab06bf27996eb3efbd242f
bsdtar-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: c63910e3af6b577d3a0e2f3434fc8c3f2b1965cb8fc7aef0c41fe8c6c2297330
libarchive-3.3.3-6.el8_10.aarch64.rpm SHA-256: 27ad5c21d4de008be6dcfd0e4264495ed568663057ce5a317ca1017b330d67e7
libarchive-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 7d703c4fea022d7e63a4ab12eb664438b9b16fb44dc7a1221dc16f543a608f6f
libarchive-debugsource-3.3.3-6.el8_10.aarch64.rpm SHA-256: a06dca5f659bfa00584444ff6e9325ff4e926b784b2a09f78b63b3095b7de601

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
bsdcat-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: 39b57ec1511a83d87b207ef4fc8baa15e2efe2d656ad7662b300af7c6168a329
bsdcat-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: cb3b2f69ed748f7d10511d8ec0535037b210a0f5a6f0c1370b0834911362445b
bsdcpio-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: 07f3e673497d2b8ba23db4b188c06de5bd499505dc428530a5ba47bed385fce8
bsdcpio-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: b18e4481a4aa24ea4ce232d354a73a1dfa534f98508881c42dc7d8780476806b
bsdtar-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: e3f844a8a5446821f391f27f4467cc4064ed43fc1a014334e753f6e675e89b74
bsdtar-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: cd19626c23b629255a2db4439178d6da06576f3f82334e1036303abde431e2ec
libarchive-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: c58184bdda2f0058e73a48e471503e8d7bc838c734e0651170e4144c4cf527ea
libarchive-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: 04cb501520d36fcb8cac52a83c5757ef49e271e0919f43e31d482bc29c8eb1b5
libarchive-debugsource-3.3.3-6.el8_10.i686.rpm SHA-256: 8058dcdbf3f3b94e93c496992d6fb8f86b2b67584d9dd8379a2f75a5dff8b04e
libarchive-debugsource-3.3.3-6.el8_10.x86_64.rpm SHA-256: efc09185ef44eef15730c8332813f25a4a25d5bf77cc835d65ebe8e1e96fd5a7
libarchive-devel-3.3.3-6.el8_10.i686.rpm SHA-256: 36363d6f8d6f39f0ede23d51b8b0694e353891212136754a5bc41a88221227a2
libarchive-devel-3.3.3-6.el8_10.x86_64.rpm SHA-256: 5450c70210cdbb3ed885da8ac6b9a4143b10b61eeb3410c246687b5b667be747

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
bsdcat-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: e022c8b028501e74f04a9240608769d853b56d87e4e4bf3b3f9f6df19e9aa8a8
bsdcpio-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 503d719eeac9d11f7b7473fd5da363ed6c49be93b76859565d58cd58b53965d9
bsdtar-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 7826e92af9b5ca569753fa38d18e43d7bd51ed5edd4a6811cb46b699805ac718
libarchive-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6d84f0bee516a86953e099b47e28e5e0467ca4a0f1095c76f1fa575beee68d30
libarchive-debugsource-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6d331aded935adfa899c5e510cdb071661875b0c358950d8a38fa79805c7c972
libarchive-devel-3.3.3-6.el8_10.ppc64le.rpm SHA-256: ffee148dcb29326e70405735bbddf1171722e96f5b3345f3fb19875c2a9bf32b

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
bsdcat-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 8df756f43a18dbc2d8df8eb2474af4b7e7e71db39329537954c47aec4f5cfc12
bsdcpio-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 805448856a3f874f62fa199db2bb050722da8f3141e021e174ebb3cad68ec54e
bsdtar-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: c63910e3af6b577d3a0e2f3434fc8c3f2b1965cb8fc7aef0c41fe8c6c2297330
libarchive-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 7d703c4fea022d7e63a4ab12eb664438b9b16fb44dc7a1221dc16f543a608f6f
libarchive-debugsource-3.3.3-6.el8_10.aarch64.rpm SHA-256: a06dca5f659bfa00584444ff6e9325ff4e926b784b2a09f78b63b3095b7de601
libarchive-devel-3.3.3-6.el8_10.aarch64.rpm SHA-256: 6f70c17f6e0aacd03a72e5cb49b6614c17876eb804ee1ee012ba8cb843e6c46d

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
bsdcat-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 412080d8562ed829151015e06ab67319749704f869c7942656a81bdb708d6578
bsdcpio-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 35051a1c139081a89e774bcf3c6be0b39f472f9d1e31a70412d2ab8a0dfeca98
bsdtar-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 9cb15a82f80faf738e3bd362beadd375928f892fef1ecff7b5e1e2bc380ae01d
libarchive-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: bbdaf42fdf012de7f22b850cc20f422e6e046c097ed9f9a547b453ab201e7baa
libarchive-debugsource-3.3.3-6.el8_10.s390x.rpm SHA-256: 651a1a3577691d60167f5b4a0d5d828f84e2a77e411fb918dcb012eea93571fe
libarchive-devel-3.3.3-6.el8_10.s390x.rpm SHA-256: c41dc595b88bb2d185c573fa8e704f24b728f432a5c68ab9b53d22c41ac34eee

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
x86_64
bsdcat-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: 39b57ec1511a83d87b207ef4fc8baa15e2efe2d656ad7662b300af7c6168a329
bsdcat-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: cb3b2f69ed748f7d10511d8ec0535037b210a0f5a6f0c1370b0834911362445b
bsdcpio-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: 07f3e673497d2b8ba23db4b188c06de5bd499505dc428530a5ba47bed385fce8
bsdcpio-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: b18e4481a4aa24ea4ce232d354a73a1dfa534f98508881c42dc7d8780476806b
bsdtar-3.3.3-6.el8_10.x86_64.rpm SHA-256: 907c4f95e0078837717a30f25ece542b2f68468f8da7f1f634239b76d8b78706
bsdtar-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: e3f844a8a5446821f391f27f4467cc4064ed43fc1a014334e753f6e675e89b74
bsdtar-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: cd19626c23b629255a2db4439178d6da06576f3f82334e1036303abde431e2ec
libarchive-3.3.3-6.el8_10.i686.rpm SHA-256: 25b676139644f8f39eddf0a6d5ac02dba1e0da6a2311fe08b0b22decce62b461
libarchive-3.3.3-6.el8_10.x86_64.rpm SHA-256: d9896589fde144ea8a2eb6e489862bdbd99a02489c2519f10428e029ff68dcb9
libarchive-debuginfo-3.3.3-6.el8_10.i686.rpm SHA-256: c58184bdda2f0058e73a48e471503e8d7bc838c734e0651170e4144c4cf527ea
libarchive-debuginfo-3.3.3-6.el8_10.x86_64.rpm SHA-256: 04cb501520d36fcb8cac52a83c5757ef49e271e0919f43e31d482bc29c8eb1b5
libarchive-debugsource-3.3.3-6.el8_10.i686.rpm SHA-256: 8058dcdbf3f3b94e93c496992d6fb8f86b2b67584d9dd8379a2f75a5dff8b04e
libarchive-debugsource-3.3.3-6.el8_10.x86_64.rpm SHA-256: efc09185ef44eef15730c8332813f25a4a25d5bf77cc835d65ebe8e1e96fd5a7

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
aarch64
bsdcat-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 8df756f43a18dbc2d8df8eb2474af4b7e7e71db39329537954c47aec4f5cfc12
bsdcpio-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 805448856a3f874f62fa199db2bb050722da8f3141e021e174ebb3cad68ec54e
bsdtar-3.3.3-6.el8_10.aarch64.rpm SHA-256: 953bef085f7cd5b2b417cb8435330ea2fe3d0dfaa2ab06bf27996eb3efbd242f
bsdtar-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: c63910e3af6b577d3a0e2f3434fc8c3f2b1965cb8fc7aef0c41fe8c6c2297330
libarchive-3.3.3-6.el8_10.aarch64.rpm SHA-256: 27ad5c21d4de008be6dcfd0e4264495ed568663057ce5a317ca1017b330d67e7
libarchive-debuginfo-3.3.3-6.el8_10.aarch64.rpm SHA-256: 7d703c4fea022d7e63a4ab12eb664438b9b16fb44dc7a1221dc16f543a608f6f
libarchive-debugsource-3.3.3-6.el8_10.aarch64.rpm SHA-256: a06dca5f659bfa00584444ff6e9325ff4e926b784b2a09f78b63b3095b7de601

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
ppc64le
bsdcat-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: e022c8b028501e74f04a9240608769d853b56d87e4e4bf3b3f9f6df19e9aa8a8
bsdcpio-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 503d719eeac9d11f7b7473fd5da363ed6c49be93b76859565d58cd58b53965d9
bsdtar-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6b79771ae01caab0d9d826b10dfd654efe06035b80935dcb1ee7ae09174684c8
bsdtar-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 7826e92af9b5ca569753fa38d18e43d7bd51ed5edd4a6811cb46b699805ac718
libarchive-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 3aa9daf34945b0133c7fd8d87965826b25e033025e4d48ffeb74dbb58df29287
libarchive-debuginfo-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6d84f0bee516a86953e099b47e28e5e0467ca4a0f1095c76f1fa575beee68d30
libarchive-debugsource-3.3.3-6.el8_10.ppc64le.rpm SHA-256: 6d331aded935adfa899c5e510cdb071661875b0c358950d8a38fa79805c7c972

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
libarchive-3.3.3-6.el8_10.src.rpm SHA-256: 411f2b5c7c8b0465e3d4c6dd1e91c6db56ed564f54ac3e100114cb9a86b0fcab
s390x
bsdcat-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 412080d8562ed829151015e06ab67319749704f869c7942656a81bdb708d6578
bsdcpio-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 35051a1c139081a89e774bcf3c6be0b39f472f9d1e31a70412d2ab8a0dfeca98
bsdtar-3.3.3-6.el8_10.s390x.rpm SHA-256: 037e11ef1e5a93cbc5ac0ac9b66d0d933060f25c647652cf47387a9ed0d347cc
bsdtar-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: 9cb15a82f80faf738e3bd362beadd375928f892fef1ecff7b5e1e2bc380ae01d
libarchive-3.3.3-6.el8_10.s390x.rpm SHA-256: 49d820bd623c6eb8465d785b110c0989fd280bb598f46c0b511deed2a5746cf9
libarchive-debuginfo-3.3.3-6.el8_10.s390x.rpm SHA-256: bbdaf42fdf012de7f22b850cc20f422e6e046c097ed9f9a547b453ab201e7baa
libarchive-debugsource-3.3.3-6.el8_10.s390x.rpm SHA-256: 651a1a3577691d60167f5b4a0d5d828f84e2a77e411fb918dcb012eea93571fe

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.