Security update for 7zip SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20273-1 Final 1 1 2026-02-26T11:53:30Z current 2026-02-26T11:53:30Z 2026-02-26T11:53:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for 7zip This update for 7zip fixes the following issues: - Update to 25.01 (boo#1249130) * The code for handling symbolic links has been changed to provide greater security when extracting files from archives * Command line switch -snld20 can be used to bypass default security checks when creating symbolic links. - Update to 25.00: * bzip2 compression speed was increased by 15-40%. * deflate (zip/gz) compression speed was increased by 1-3%. * improved support for zip, cpio and fat archives. * CVE-2025-53816: Fixed input manipulation leading to heap buffer overflow (bsc#1246706) * CVE-2025-53817: Fixed null pointer dereference leading to denial of service (bsc#1246707) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-315 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1246706 SUSE Bug 1246706 https://bugzilla.suse.com/1246707 SUSE Bug 1246707 https://bugzilla.suse.com/1249130 SUSE Bug 1249130 https://www.suse.com/security/cve/CVE-2025-53816/ SUSE CVE CVE-2025-53816 page https://www.suse.com/security/cve/CVE-2025-53817/ SUSE CVE CVE-2025-53817 page openSUSE Leap 16.0 7zip-25.01-160000.1.1 7zip-25.01-160000.1.1 as a component of openSUSE Leap 16.0 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue. CVE-2025-53816 openSUSE Leap 16.0:7zip-25.01-160000.1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-53816.html CVE-2025-53816 https://bugzilla.suse.com/1246706 SUSE Bug 1246706 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue. CVE-2025-53817 openSUSE Leap 16.0:7zip-25.01-160000.1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-53817.html CVE-2025-53817 https://bugzilla.suse.com/1246707 SUSE Bug 1246707