Amazon Linux 2023 Security Advisory: ALAS2023-2025-1022
Advisory Released Date: 2025-06-23
Advisory Updated Date: 2025-06-23
Severity:
Important
Issue Overview:
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2025-5914)
Affected Packages:
libarchive
Issue Correction:
Run dnf update libarchive --releasever 2023.7.20250623 to update your system.
New Packages:
aarch64:
bsdcpio-debuginfo-3.7.4-2.amzn2023.0.3.aarch64
bsdtar-debuginfo-3.7.4-2.amzn2023.0.3.aarch64
bsdcpio-3.7.4-2.amzn2023.0.3.aarch64
libarchive-debugsource-3.7.4-2.amzn2023.0.3.aarch64
bsdunzip-debuginfo-3.7.4-2.amzn2023.0.3.aarch64
libarchive-debuginfo-3.7.4-2.amzn2023.0.3.aarch64
libarchive-3.7.4-2.amzn2023.0.3.aarch64
libarchive-devel-3.7.4-2.amzn2023.0.3.aarch64
bsdunzip-3.7.4-2.amzn2023.0.3.aarch64
bsdcat-debuginfo-3.7.4-2.amzn2023.0.3.aarch64
bsdcat-3.7.4-2.amzn2023.0.3.aarch64
bsdtar-3.7.4-2.amzn2023.0.3.aarch64
src:
libarchive-3.7.4-2.amzn2023.0.3.src
x86_64:
bsdtar-3.7.4-2.amzn2023.0.3.x86_64
bsdcat-debuginfo-3.7.4-2.amzn2023.0.3.x86_64
bsdtar-debuginfo-3.7.4-2.amzn2023.0.3.x86_64
bsdcpio-3.7.4-2.amzn2023.0.3.x86_64
bsdunzip-debuginfo-3.7.4-2.amzn2023.0.3.x86_64
bsdcat-3.7.4-2.amzn2023.0.3.x86_64
libarchive-debuginfo-3.7.4-2.amzn2023.0.3.x86_64
libarchive-devel-3.7.4-2.amzn2023.0.3.x86_64
bsdcpio-debuginfo-3.7.4-2.amzn2023.0.3.x86_64
bsdunzip-3.7.4-2.amzn2023.0.3.x86_64
libarchive-3.7.4-2.amzn2023.0.3.x86_64
libarchive-debugsource-3.7.4-2.amzn2023.0.3.x86_64