[ALSA-2026:5063] Important: libarchive security update
Type:
security
Severity:
important
Release date:
2026-03-20
Description:
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive (CVE-2026-4111) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 bsdtar-3.7.7-5.el10_1.aarch64.rpm a372554e6666b63cb4bb7a2ceb67701c0dc63cc0a7d82d86ca25619315e98405
aarch64 libarchive-devel-3.7.7-5.el10_1.aarch64.rpm b25707e4bbc341e5818322223c6b298eeb5ec9a14e09c8142dd2d59d9a994860
aarch64 libarchive-3.7.7-5.el10_1.aarch64.rpm d4815c4e892a43f6874dbc00aeb44e32943ed298f7849439bc7c7a7e8087536d
ppc64le bsdtar-3.7.7-5.el10_1.ppc64le.rpm ba42da3b78d9f0918a17888e6f856a871ff08a52d1e0206a38a63088666b8def
ppc64le libarchive-3.7.7-5.el10_1.ppc64le.rpm c80f2e8495839e5eb203c361ae70754cbe1b3b3de05031a97030ba8e9ab57369
ppc64le libarchive-devel-3.7.7-5.el10_1.ppc64le.rpm d8156978ebe577229ad25ec29cc63c0ddbab49e1656c5290d0017ed83603763d
s390x libarchive-3.7.7-5.el10_1.s390x.rpm 6ed31a3055b2f5ee148b8d7fa961dc973022b371995b5e717278232397228df2
s390x libarchive-devel-3.7.7-5.el10_1.s390x.rpm 8d3be98be2d491bd23c395ade1dd8f39f9478049461a84d94ad639feb621ebe8
s390x bsdtar-3.7.7-5.el10_1.s390x.rpm a0c8da6150d056a08a2935b308f02c0b50d81d803641a5a80f7ed4182c5aa9ff
x86_64 libarchive-devel-3.7.7-5.el10_1.x86_64.rpm 06667ea728e21eff7f8a78956737a2f6851a2b9bcaf5eccbfd73fb673ef52338
x86_64 bsdtar-3.7.7-5.el10_1.x86_64.rpm 6d80ccde7431860341c88a69c9c6a98b83fd79dd6d85ac443b33b3c3d8a3cf32
x86_64 libarchive-3.7.7-5.el10_1.x86_64.rpm 9f1c07f7dbccc3bb5b7a36f95f41820eb07fe63068964ae6c9692e9fcac22ae6
x86_64_v2 bsdtar-3.7.7-5.el10_1.x86_64_v2.rpm 10882ce965d28548353ce01ea761430227dd6e13f6179ee7d1c67d84d87f18a4
x86_64_v2 libarchive-3.7.7-5.el10_1.x86_64_v2.rpm 37d828765ee6210e302b084420f12ab319ae4f30d1231faf11c5360b59328c96
x86_64_v2 libarchive-devel-3.7.7-5.el10_1.x86_64_v2.rpm 8b4f1b8e57dd2c4a836aa7d501ff3bba497b145368e2975da12faf98e4fd4251
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.