{"schema_version":"1.7.2","id":"OESA-2026-1853","modified":"2026-04-11T14:03:49Z","published":"2026-04-11T14:03:49Z","upstream":["CVE-2026-34743"],"summary":"xz security update","details":"XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils.\r\n\r\nSecurity Fix(es):\n\nXZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.(CVE-2026-34743)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"xz","purl":"pkg:rpm/openEuler/xz&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.5-5.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["xz-5.2.5-5.oe2003sp4.aarch64.rpm","xz-debuginfo-5.2.5-5.oe2003sp4.aarch64.rpm","xz-debugsource-5.2.5-5.oe2003sp4.aarch64.rpm","xz-devel-5.2.5-5.oe2003sp4.aarch64.rpm","xz-libs-5.2.5-5.oe2003sp4.aarch64.rpm","xz-lzma-compat-5.2.5-5.oe2003sp4.aarch64.rpm"],"noarch":["xz-help-5.2.5-5.oe2003sp4.noarch.rpm"],"src":["xz-5.2.5-5.oe2003sp4.src.rpm"],"x86_64":["xz-5.2.5-5.oe2003sp4.x86_64.rpm","xz-debuginfo-5.2.5-5.oe2003sp4.x86_64.rpm","xz-debugsource-5.2.5-5.oe2003sp4.x86_64.rpm","xz-devel-5.2.5-5.oe2003sp4.x86_64.rpm","xz-libs-5.2.5-5.oe2003sp4.x86_64.rpm","xz-lzma-compat-5.2.5-5.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"xz","purl":"pkg:rpm/openEuler/xz&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.5-5.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["xz-5.2.5-5.oe2203sp4.aarch64.rpm","xz-debuginfo-5.2.5-5.oe2203sp4.aarch64.rpm","xz-debugsource-5.2.5-5.oe2203sp4.aarch64.rpm","xz-devel-5.2.5-5.oe2203sp4.aarch64.rpm","xz-libs-5.2.5-5.oe2203sp4.aarch64.rpm","xz-lzma-compat-5.2.5-5.oe2203sp4.aarch64.rpm"],"noarch":["xz-help-5.2.5-5.oe2203sp4.noarch.rpm"],"src":["xz-5.2.5-5.oe2203sp4.src.rpm"],"x86_64":["xz-5.2.5-5.oe2203sp4.x86_64.rpm","xz-debuginfo-5.2.5-5.oe2203sp4.x86_64.rpm","xz-debugsource-5.2.5-5.oe2203sp4.x86_64.rpm","xz-devel-5.2.5-5.oe2203sp4.x86_64.rpm","xz-libs-5.2.5-5.oe2203sp4.x86_64.rpm","xz-lzma-compat-5.2.5-5.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"xz","purl":"pkg:rpm/openEuler/xz&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.7-8.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["xz-5.4.7-8.oe2403.aarch64.rpm","xz-debuginfo-5.4.7-8.oe2403.aarch64.rpm","xz-debugsource-5.4.7-8.oe2403.aarch64.rpm","xz-devel-5.4.7-8.oe2403.aarch64.rpm","xz-libs-5.4.7-8.oe2403.aarch64.rpm","xz-lzma-compat-5.4.7-8.oe2403.aarch64.rpm","xz-5.4.7-8.oe2403sp1.aarch64.rpm","xz-debuginfo-5.4.7-8.oe2403sp1.aarch64.rpm","xz-debugsource-5.4.7-8.oe2403sp1.aarch64.rpm","xz-devel-5.4.7-8.oe2403sp1.aarch64.rpm","xz-libs-5.4.7-8.oe2403sp1.aarch64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp1.aarch64.rpm","xz-5.4.7-8.oe2403sp2.aarch64.rpm","xz-debuginfo-5.4.7-8.oe2403sp2.aarch64.rpm","xz-debugsource-5.4.7-8.oe2403sp2.aarch64.rpm","xz-devel-5.4.7-8.oe2403sp2.aarch64.rpm","xz-libs-5.4.7-8.oe2403sp2.aarch64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp2.aarch64.rpm","xz-5.4.7-8.oe2403sp3.aarch64.rpm","xz-debuginfo-5.4.7-8.oe2403sp3.aarch64.rpm","xz-debugsource-5.4.7-8.oe2403sp3.aarch64.rpm","xz-devel-5.4.7-8.oe2403sp3.aarch64.rpm","xz-libs-5.4.7-8.oe2403sp3.aarch64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp3.aarch64.rpm"],"noarch":["xz-help-5.4.7-8.oe2403.noarch.rpm","xz-help-5.4.7-8.oe2403sp1.noarch.rpm","xz-help-5.4.7-8.oe2403sp2.noarch.rpm","xz-help-5.4.7-8.oe2403sp3.noarch.rpm"],"src":["xz-5.4.7-8.oe2403.src.rpm","xz-5.4.7-8.oe2403sp1.src.rpm","xz-5.4.7-8.oe2403sp2.src.rpm","xz-5.4.7-8.oe2403sp3.src.rpm"],"x86_64":["xz-5.4.7-8.oe2403.x86_64.rpm","xz-debuginfo-5.4.7-8.oe2403.x86_64.rpm","xz-debugsource-5.4.7-8.oe2403.x86_64.rpm","xz-devel-5.4.7-8.oe2403.x86_64.rpm","xz-libs-5.4.7-8.oe2403.x86_64.rpm","xz-lzma-compat-5.4.7-8.oe2403.x86_64.rpm","xz-5.4.7-8.oe2403sp1.x86_64.rpm","xz-debuginfo-5.4.7-8.oe2403sp1.x86_64.rpm","xz-debugsource-5.4.7-8.oe2403sp1.x86_64.rpm","xz-devel-5.4.7-8.oe2403sp1.x86_64.rpm","xz-libs-5.4.7-8.oe2403sp1.x86_64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp1.x86_64.rpm","xz-5.4.7-8.oe2403sp2.x86_64.rpm","xz-debuginfo-5.4.7-8.oe2403sp2.x86_64.rpm","xz-debugsource-5.4.7-8.oe2403sp2.x86_64.rpm","xz-devel-5.4.7-8.oe2403sp2.x86_64.rpm","xz-libs-5.4.7-8.oe2403sp2.x86_64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp2.x86_64.rpm","xz-5.4.7-8.oe2403sp3.x86_64.rpm","xz-debuginfo-5.4.7-8.oe2403sp3.x86_64.rpm","xz-debugsource-5.4.7-8.oe2403sp3.x86_64.rpm","xz-devel-5.4.7-8.oe2403sp3.x86_64.rpm","xz-libs-5.4.7-8.oe2403sp3.x86_64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"xz","purl":"pkg:rpm/openEuler/xz&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.7-8.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["xz-5.4.7-8.oe2403sp1.aarch64.rpm","xz-debuginfo-5.4.7-8.oe2403sp1.aarch64.rpm","xz-debugsource-5.4.7-8.oe2403sp1.aarch64.rpm","xz-devel-5.4.7-8.oe2403sp1.aarch64.rpm","xz-libs-5.4.7-8.oe2403sp1.aarch64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp1.aarch64.rpm"],"noarch":["xz-help-5.4.7-8.oe2403sp1.noarch.rpm"],"src":["xz-5.4.7-8.oe2403sp1.src.rpm"],"x86_64":["xz-5.4.7-8.oe2403sp1.x86_64.rpm","xz-debuginfo-5.4.7-8.oe2403sp1.x86_64.rpm","xz-debugsource-5.4.7-8.oe2403sp1.x86_64.rpm","xz-devel-5.4.7-8.oe2403sp1.x86_64.rpm","xz-libs-5.4.7-8.oe2403sp1.x86_64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP2","name":"xz","purl":"pkg:rpm/openEuler/xz&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.7-8.oe2403sp2"}]}],"ecosystem_specific":{"aarch64":["xz-5.4.7-8.oe2403sp2.aarch64.rpm","xz-debuginfo-5.4.7-8.oe2403sp2.aarch64.rpm","xz-debugsource-5.4.7-8.oe2403sp2.aarch64.rpm","xz-devel-5.4.7-8.oe2403sp2.aarch64.rpm","xz-libs-5.4.7-8.oe2403sp2.aarch64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp2.aarch64.rpm"],"noarch":["xz-help-5.4.7-8.oe2403sp2.noarch.rpm"],"src":["xz-5.4.7-8.oe2403sp2.src.rpm"],"x86_64":["xz-5.4.7-8.oe2403sp2.x86_64.rpm","xz-debuginfo-5.4.7-8.oe2403sp2.x86_64.rpm","xz-debugsource-5.4.7-8.oe2403sp2.x86_64.rpm","xz-devel-5.4.7-8.oe2403sp2.x86_64.rpm","xz-libs-5.4.7-8.oe2403sp2.x86_64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp2.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"xz","purl":"pkg:rpm/openEuler/xz&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.7-8.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["xz-5.4.7-8.oe2403sp3.aarch64.rpm","xz-debuginfo-5.4.7-8.oe2403sp3.aarch64.rpm","xz-debugsource-5.4.7-8.oe2403sp3.aarch64.rpm","xz-devel-5.4.7-8.oe2403sp3.aarch64.rpm","xz-libs-5.4.7-8.oe2403sp3.aarch64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp3.aarch64.rpm"],"noarch":["xz-help-5.4.7-8.oe2403sp3.noarch.rpm"],"src":["xz-5.4.7-8.oe2403sp3.src.rpm"],"x86_64":["xz-5.4.7-8.oe2403sp3.x86_64.rpm","xz-debuginfo-5.4.7-8.oe2403sp3.x86_64.rpm","xz-debugsource-5.4.7-8.oe2403sp3.x86_64.rpm","xz-devel-5.4.7-8.oe2403sp3.x86_64.rpm","xz-libs-5.4.7-8.oe2403sp3.x86_64.rpm","xz-lzma-compat-5.4.7-8.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1853"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34743"}],"database_specific":{"severity":"Critical"}}