Issued:: 2025-08-25
Updated:: 2025-08-25

RHSA-2025:14528 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libarchive security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libarchive is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2370861 - CVE-2025-5914 libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

CVEs

CVE-2025-5914

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
libarchive-3.3.2-8.el8_2.1.src.rpm	SHA-256: 9cff274b8d46c7967189ed8d311608188b46a101b0e016214ab07f4684272e34
x86_64
bsdcat-debuginfo-3.3.2-8.el8_2.1.i686.rpm	SHA-256: 7aada600ac364a3b016ba7e7a4b8440a52dd29651ea85dac1df8d38d6c4dbb63
bsdcat-debuginfo-3.3.2-8.el8_2.1.x86_64.rpm	SHA-256: f79a36007ae78bb4472402a28f4c3d6a0058b0a659f8b0aaa19f97fdca9c376b
bsdcpio-debuginfo-3.3.2-8.el8_2.1.i686.rpm	SHA-256: 1209264c61044a644c09665ba7334374f98a803d18beacf2725a89440674e20b
bsdcpio-debuginfo-3.3.2-8.el8_2.1.x86_64.rpm	SHA-256: adec9da655773a0bd8dd2fa299c5046b6f9feadf83897b46cbfe9c31fb7d913d
bsdtar-3.3.2-8.el8_2.1.x86_64.rpm	SHA-256: 249555846b2da8c36a2f2eb0b23ca40cfdf98c74c9befaa3988cfcf358dab790
bsdtar-debuginfo-3.3.2-8.el8_2.1.i686.rpm	SHA-256: 4dfaee118ae26eb3eab431a747d920b82df26f6c97657fabeaf43568cd3d296e
bsdtar-debuginfo-3.3.2-8.el8_2.1.x86_64.rpm	SHA-256: 92cf4c922222608ad1832cc13fda5025f146751399879cd59cec59ff281671d2
libarchive-3.3.2-8.el8_2.1.i686.rpm	SHA-256: 0010aac5b1065307f00abba6aa2943fbeb092e0406aceae0584f609fa4e6ea7c
libarchive-3.3.2-8.el8_2.1.x86_64.rpm	SHA-256: cd823da1aa77cc6a4b6c033e30459dc5c92a2899b20e3844576a208508cab40d
libarchive-debuginfo-3.3.2-8.el8_2.1.i686.rpm	SHA-256: d3a37c79ead3acc45a8092d30a0e6c2fb20cb0dae90d4b3145e565e6ca35c20b
libarchive-debuginfo-3.3.2-8.el8_2.1.x86_64.rpm	SHA-256: 86c4bc63d62eebde9d51ab6023090061b928150821c31eb35572fb04cb416d17
libarchive-debugsource-3.3.2-8.el8_2.1.i686.rpm	SHA-256: 799169decb6086948e5cf868480cfc6c91e122c3f22be0d0e1d13af75f9e692a
libarchive-debugsource-3.3.2-8.el8_2.1.x86_64.rpm	SHA-256: 71d2f316124880259411ba7bdb2ca50f2229029f1433f7a0a635a400bf96f54d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation