{"affected":[{"ecosystem_specific":{"binaries":[{"7zip":"25.01-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"7zip","purl":"pkg:rpm/opensuse/7zip&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"25.01-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for 7zip fixes the following issues:\n\n- Update to 25.01 (boo#1249130)\n  * The code for handling symbolic links has been changed to\n    provide greater security when extracting files from archives\n  * Command line switch -snld20 can be used to bypass default\n    security checks when creating symbolic links.\n\n- Update to 25.00:\n  * bzip2 compression speed was increased by 15-40%.\n  * deflate (zip/gz) compression speed was increased by 1-3%.\n  * improved support for zip, cpio and fat archives.\n  * CVE-2025-53816: Fixed input manipulation leading\n    to heap buffer overflow (bsc#1246706)\n  * CVE-2025-53817: Fixed null pointer dereference leading\n    to denial of service (bsc#1246707)\n","id":"openSUSE-SU-2026:20273-1","modified":"2026-02-26T11:53:30Z","published":"2026-02-26T11:53:30Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1246706"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246707"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-53816"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-53817"}],"related":["CVE-2025-53816","CVE-2025-53817"],"summary":"Security update for 7zip","upstream":["CVE-2025-53816","CVE-2025-53817"]}