stable

7zip-25.01-1.fc43

FEDORA-2025-b6422d64f9 created by salimma 5 months ago for Fedora 43

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-b6422d64f9

This update has been submitted for testing by salimma.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago
User Icon dcavalca provided feedback 5 months ago
karma
BZ#2376517 7zip-25.01 is available
BZ#2381822 CVE-2025-53817 7zip: 7-Zip Null pointer array write [epel-10]
BZ#2381825 CVE-2025-53816 7zip: 7-Zip heap buffer overflow [epel-10]
BZ#2387643 CVE-2025-55188 7zip: 7-Zip Symbolic Link Extraction Vulnerability [epel-10]
BZ#2412315 7z echoes a supplied password
BZ#2416899 CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [epel-10]
BZ#2416900 CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-43]
User Icon ngompa provided feedback 5 months ago
karma
BZ#2376517 7zip-25.01 is available
BZ#2381822 CVE-2025-53817 7zip: 7-Zip Null pointer array write [epel-10]
BZ#2381825 CVE-2025-53816 7zip: 7-Zip heap buffer overflow [epel-10]
BZ#2387643 CVE-2025-55188 7zip: 7-Zip Symbolic Link Extraction Vulnerability [epel-10]
BZ#2412315 7z echoes a supplied password
BZ#2416899 CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [epel-10]
BZ#2416900 CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-43]

This update has been submitted for stable by bodhi.

5 months ago

This update has been pushed to stable.

5 months ago

Please log in to add feedback.

Metadata
Type
security
Severity
high
Karma
2
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
2
Stable by Time
7 days
Dates
submitted
5 months ago
in stable
5 months ago
approved
5 months ago
Builds
1
7zip-25.01-1.fc43
BZ#2376517 7zip-25.01 is available
0
2
BZ#2381822 CVE-2025-53817 7zip: 7-Zip Null pointer array write [epel-10]
0
2
BZ#2381825 CVE-2025-53816 7zip: 7-Zip heap buffer overflow [epel-10]
0
2
BZ#2387643 CVE-2025-55188 7zip: 7-Zip Symbolic Link Extraction Vulnerability [epel-10]
0
2
BZ#2412315 7z echoes a supplied password
0
2
BZ#2416899 CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [epel-10]
0
2
BZ#2416900 CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-43]
0
2
7zip-25.01-1.fc43

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-21-hmlh5.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy