[ALSA-2026:8534] Important: libarchive security update
Type:
security
Severity:
important
Release date:
2026-04-20
Description:
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424) * libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 libarchive-devel-3.3.3-7.el8_10.aarch64.rpm 075eb379e94b802cad46301adfe69d79b10af8008f8826d872ac81591100f9f0
aarch64 bsdtar-3.3.3-7.el8_10.aarch64.rpm 9e74695cae90cf2c47a448bd4af0ffa6d1fe35b579c7fd3bbfdb1791439682ea
aarch64 libarchive-3.3.3-7.el8_10.aarch64.rpm e5ecbd252a7a6bb94dd5ebcdbd3642213c45024054bdcf8415ae9165a7cf9e42
i686 libarchive-3.3.3-7.el8_10.i686.rpm 6167994c3edd600744b661ef20aaaa81d54431a0876966476a5c2295367fe7df
i686 libarchive-devel-3.3.3-7.el8_10.i686.rpm ba84acae8ba81de42746b27e32581b362ca4fca13dea2fba3ac25cb33df0fae3
ppc64le libarchive-3.3.3-7.el8_10.ppc64le.rpm 5b6a8e81901299a56e3eddc573dda0486e3000f810581aa87540292d236c19bf
ppc64le libarchive-devel-3.3.3-7.el8_10.ppc64le.rpm ad17d692b85b593950dc788927686a0b09606124564db3f1999ca912206260b9
ppc64le bsdtar-3.3.3-7.el8_10.ppc64le.rpm b72aac61066d4ad1b21fdd2dd53175067bda1ab70c9f104401d115cdecfcfde3
s390x libarchive-devel-3.3.3-7.el8_10.s390x.rpm 6f7aa68b5ec426dd44a9de559a1e27afbee8290606a3ed53305daa23610839a0
s390x bsdtar-3.3.3-7.el8_10.s390x.rpm 8ff65c5c594570d1a04e06739d6b80eb016523785b972f91e91edc2268b515c4
s390x libarchive-3.3.3-7.el8_10.s390x.rpm 9ae1b4e180eaaccea298949702c136dc3061a90ea35d71fa28d3fbc965abca4e
x86_64 libarchive-3.3.3-7.el8_10.x86_64.rpm 031ea6c9f9af8a18bc79d48dacdfdb38103bd942ef2996837f57326791b1bbcf
x86_64 libarchive-devel-3.3.3-7.el8_10.x86_64.rpm 706e08f6ced5cc105367cc44b69e2bfc06b864253a0c2962b0c5d5ea428df801
x86_64 bsdtar-3.3.3-7.el8_10.x86_64.rpm fca3ff7fc799a2f1a1ba3beea987efdfc9c73f7a92c5469113a0d74b8bcd5da2
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.