The openSUSE-SU-2025:0339-1 update fixes two vulnerabilities and one errata for 7zip, which is now at version 25.01. The update changes symbolic-link handling to provide greater security when extracting files from archives, and notes that the command-line switch -snld20 can be used to bypass the default security checks when creating symbolic links, among other changes. In contrast, the SUSE-SU-2025:03095-1 update addresses a single vulnerability in Firebird, CVE-2017-11509, which allowed authenticated remote code execution via external functions.

openSUSE-SU-2025:0339-1: moderate: Security update for 7zip
SUSE-SU-2025:03095-1: important: Security update for firebird




openSUSE-SU-2025:0339-1: moderate: Security update for 7zip


openSUSE Security Update: Security update for 7zip
_______________________________

Announcement ID: openSUSE-SU-2025:0339-1
Rating: moderate
References: #1246706 #1246707 #1249130
Cross-References: CVE-2025-53816 CVE-2025-53817
CVSS scores:
CVE-2025-53816 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2025-53817 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
openSUSE Leap 15.6
_______________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for 7zip fixes the following issues:

- Update to 25.01 (boo#1249130)
  * The code for handling symbolic links has been changed to provide
    greater security when extracting files from archives
  * Command line switch -snld20 can be used to bypass default security
    checks when creating symbolic links.
- includes changes from 25.00:
  * bzip2 compression speed was increased by 15-40%.
  * deflate (zip/gz) compression speed was increased by 1-3%.
  * improved support for zip, cpio and fat archives.
  * CVE-2025-53816: 7-Zip could work incorrectly for some incorrect RAR
    archives (boo#1246706)
  * CVE-2025-53817: 7-Zip could crash for some incorrect COM (Compound
    File) archives (boo#1246707)

- Update to 24.09:
  * The default dictionary size values for LZMA/LZMA2 compression methods
    were increased
  * 7-Zip now can calculate the following hash checksums: SHA-512,
    SHA-384, SHA3-256 and MD5.
  * APM and HFS support was improved.
  * If an archive update operation uses a temporary archive folder and the
    archive is moved to the destination folder, 7-Zip shows the progress
    of moving the archive file, as this operation can take a long time if
    the archive is large.
  * The bug was fixed: 7-Zip File Manager didn't propagate Zone.Identifier
    stream for extracted files from nested archives (if there is an open
    archive inside another open archive).
  * Some bugs were fixed.

- Update to 24.08:
  * No longer write extra zero bytes after the end of the archive, if a
    file included in the archive cannot be compressed to a size smaller
    than the original
  * Some optimizations for displaying file icons in 7-Zip File Manager and
    in "Confirm File Replace" window.
  * Some bugs were fixed

- Update to 24.07:
  * The bug was fixed: 7-Zip could crash for some incorrect ZSTD archives.

- Update to 24.06:
  * The bug was fixed: 7-Zip could not unpack some ZSTD archives.

- Update to 24.05:
  * New switch -myv=.. to set decoder compatibility version for 7z archive
    creating
  * New switches -myfa and -myfd to allow or disallow the specified filter
    method for 7z archive creating
  * can use new RISCV filter for compression to 7z and xz archives
  * can ask user permission to unpack RAR archives that require large
    amount of memory
  * new switch -smemx{size}g : to set allowed memory usage limit for RAR
    archive unpacking.
  * -y switch disables user requests and messages.
  * -slmu switch : to show timestamps as UTC instead of LOCAL TIME
  * support .sha256 files that use backslash path separator '\'
  * can unpack ZSTD archives (.zst filename extension).
  * can unpack ZIP, SquashFS and RPM archives that use ZSTD compression
    method.
  * support fast hash algorithm XXH64 that is used in ZSTD.
  * can unpack RAR archives (that use larger than 4 GB dictionary) created
    by new WinRAR 7.00.
  * can unpack DMG archives that use XZ (ULMO/LZMA) compression method
  * can unpack NTFS images with cluster size larger than 64 KB.
  * can unpack MBR and GPT images with 4 KB sectors.
  * Speed optimizations for archive unpacking: rar, cab, wim, zip, gz.
  * Speed optimizations for hash calculation: CRC-32, CRC-64, BLAKE2sp.
  * Fix multivolume creation in some cases
  * bug fixes
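
The 25.01 entry above says that -snld20 bypasses the default security checks when creating symbolic links, so it is worth knowing where automation passes that switch. The script below is an added example, not part of the SUSE announcement or of 7-Zip: it scans shell scripts for 7-Zip commands that carry -snld20. The binary names (7z, 7za, 7zr, 7zz, 7zzs), the function names and the sample scripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find 7-Zip commands that pass -snld20 in shell scripts.

# Print "file:line: statement" for each match; exit status 0 if any found.
scan_snld20() {
    awk '
    FNR == 1 { buf = "" }                      # new file: drop pending text
    {
        if (buf == "") start = FNR             # first line of this statement
        if ($0 ~ /\\$/) {                      # trailing backslash: continues
            buf = buf substr($0, 1, length($0) - 1) " "
            next
        }
        stmt = buf $0; buf = ""
        if (stmt ~ /^[ \t]*#/) next            # whole-line comment
        n = split(stmt, tok)                   # split on blanks
        in7z = 0
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == ";" || t == "&" || t == "&&" || t == "|" || t == "||") {
                in7z = 0; continue             # a new command starts here
            }
            base = t; sub(/^.*\//, "", base)   # strip directory part
            # Assumed binary names: 7z, 7za, 7zr, 7zz, 7zzs
            if (base ~ /^7z(a|r|z|zs)?$/) { in7z = 1; continue }
            if (in7z && t == "-snld20") {
                printf "%s:%d: %s\n", FILENAME, start, stmt
                found = 1; break
            }
        }
    }
    END { exit(found ? 0 : 1) }
    ' "$@"
}

# Write two constructed sample scripts into directory $1.
make_samples() {
    cat > "$1/unpack.sh" <<'EOF'
#!/bin/sh
# 7zz x -snld20 old.7z
7zz x -y upload.7z -o/srv/in
/usr/bin/7zz x \
    -snld20 upload.7z -o/srv/in
EOF
    cat > "$1/nightly.sh" <<'EOF'
echo -snld20 | 7z l archive.7z
tar xf a.tar ; 7za x -snld20 b.7z
EOF
}
tmp=$(mktemp -d); make_samples "$tmp"; scan_snld20 "$tmp"/*.sh; rm -rf "$tmp"
```

The scan only recognises whitespace-separated tokens, so a switch that is quoted or supplied through a variable is not detected.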

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.6:

zypper in -t patch openSUSE-2025-339=1

Package List:

- openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64):

7zip-25.01-lp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-53816.html
https://www.suse.com/security/cve/CVE-2025-53817.html
https://bugzilla.suse.com/1246706
https://bugzilla.suse.com/1246707
https://bugzilla.suse.com/1249130



SUSE-SU-2025:03095-1: important: Security update for firebird


# Security update for firebird

Announcement ID: SUSE-SU-2025:03095-1
Release Date: 2025-09-08T13:38:56Z
Rating: important
References:

* bsc#1087421

Cross-References:

* CVE-2017-11509

CVSS scores:

* CVE-2017-11509 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2017-11509 ( SUSE ): 9.9 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2017-11509 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for firebird fixes the following issues:

* CVE-2017-11509: authenticated remote code execution via the definition of
  external functions that don't match the original definition of the entry
  point (bsc#1087421).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3095=1

* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3095=1

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3095=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * firebird-utils-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-debugsource-3.0.4.33054-150200.3.6.1
  * firebird-examples-3.0.4.33054-150200.3.6.1
  * libfbclient2-3.0.4.33054-150200.3.6.1
  * libib_util-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-server-3.0.4.33054-150200.3.6.1
  * libib_util-3.0.4.33054-150200.3.6.1
  * libfbclient-devel-3.0.4.33054-150200.3.6.1
  * firebird-3.0.4.33054-150200.3.6.1
  * firebird-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-utils-3.0.4.33054-150200.3.6.1
  * firebird-server-debuginfo-3.0.4.33054-150200.3.6.1
  * libib_util-devel-3.0.4.33054-150200.3.6.1
  * libfbclient2-debuginfo-3.0.4.33054-150200.3.6.1
* openSUSE Leap 15.6 (noarch)
  * firebird-doc-3.0.4.33054-150200.3.6.1
* openSUSE Leap 15.6 (x86_64)
  * libib_util-32bit-3.0.4.33054-150200.3.6.1
  * libfbclient2-32bit-3.0.4.33054-150200.3.6.1
  * libfbclient2-32bit-debuginfo-3.0.4.33054-150200.3.6.1
  * libib_util-32bit-debuginfo-3.0.4.33054-150200.3.6.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * firebird-utils-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-debugsource-3.0.4.33054-150200.3.6.1
  * firebird-examples-3.0.4.33054-150200.3.6.1
  * libfbclient2-3.0.4.33054-150200.3.6.1
  * libib_util-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-server-3.0.4.33054-150200.3.6.1
  * libib_util-3.0.4.33054-150200.3.6.1
  * libfbclient-devel-3.0.4.33054-150200.3.6.1
  * firebird-3.0.4.33054-150200.3.6.1
  * firebird-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-utils-3.0.4.33054-150200.3.6.1
  * firebird-server-debuginfo-3.0.4.33054-150200.3.6.1
  * libib_util-devel-3.0.4.33054-150200.3.6.1
  * libfbclient2-debuginfo-3.0.4.33054-150200.3.6.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * firebird-utils-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-debugsource-3.0.4.33054-150200.3.6.1
  * firebird-examples-3.0.4.33054-150200.3.6.1
  * libfbclient2-3.0.4.33054-150200.3.6.1
  * libib_util-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-server-3.0.4.33054-150200.3.6.1
  * libib_util-3.0.4.33054-150200.3.6.1
  * libfbclient-devel-3.0.4.33054-150200.3.6.1
  * firebird-3.0.4.33054-150200.3.6.1
  * firebird-debuginfo-3.0.4.33054-150200.3.6.1
  * firebird-utils-3.0.4.33054-150200.3.6.1
  * firebird-server-debuginfo-3.0.4.33054-150200.3.6.1
  * libib_util-devel-3.0.4.33054-150200.3.6.1
  * libfbclient2-debuginfo-3.0.4.33054-150200.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2017-11509.html
* https://bugzilla.suse.com/show_bug.cgi?id=1087421