-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4577-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler May 11, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : p7zip-rar Version : 16.02+really25.00+ds-0+deb11u1 CVE ID : CVE-2025-53816 Debian Bug : 1109494 Jaroslav Lobačevski from GitHub Security Lab discovered a memory corruption vulnerability in the RAR module of p7zip, a now unmaintained fork of 7-Zip, a file archiver handling multiple formats. It is unlikely it could lead to arbitrary code execution, but it may lead to denial of service. To address this vulnerability, whose fix is unfortunately not isolated, and to remain compatible with the new p7zip package (DLA-4576-1), this update replaces the p7zip code base with 7-Zip v25 (which now supports GNU/Linux natively), slightly modified to make it reasonably compatible with p7zip. For Debian 11 bullseye, this problem has been fixed in version 16.02+really25.00+ds-0+deb11u1. We recommend that you upgrade your p7zip-rar packages. For the detailed security status of p7zip-rar please refer to its security tracker page at: https://security-tracker.debian.org/tracker/p7zip-rar Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmoB5EsACgkQDTl9HeUl XjBj/g//UHRUIBCdzDE1sEtsqVA53EvKXeZZLIYPX2Trn2YfBRXLB7vjxzgP2ffL EHEu1dNnkIAUAaRHUAf4zWUvMq3kIKoKR8tSkMvItGPgMeRvJ2B1HVF59xbmyjGu oPqINvJisdKieP4cqdaYXWwVIN3NaEiHYBwzIZ9K79xjVqWi0D9uQR8Lq1OHqtsO YTQ2UlBAoGB5cPSqROt5CkqnHjkMih2I6fS1teTw26ihkILBz2OZYQBs5gUuPbb7 zGF0OG6JiJkp4O8IgQ5DZlaxApcUxN76raOWM3HIZPloSt068N3YshwBtelfh47l /dBoT9D1wYYde2Yo+5H8IaEEAIJYjIFidLGF1svbzBmp6WBmJPIcyRpLx00+oL2o hkHEKl+VKBxHinJUbz0eryxIbgWbf0ViTiHkzuLiDp3fyEuIUXo/KuPaH4ZGemKL BX/f9+kbR7P6ViI/2ytXo3DepLRrEGb4UanuAe8Fn76UkoGtD/iglzQQzDjSZZvv 9GHVLlOOYrCzC2xaHK7QhYDC3tejfIf1n/2Q9K0889E1kPr6MS3Tt449AL1Ykhau dxx1ZMFM5q6HluoO8AgvK7AzOH/jepCgyYMw0e+PfjL7pEhU78rYhN15Dqz1SeJO 59JrFEKWv+fC9OSYAO5mf4xS+T4HlRjzIYWRkTEK5PHvZg1Fino= =VJ6w -----END PGP SIGNATURE-----
