ALSA-2026:5080

[ALSA-2026:5080] Important: libarchive security update

Type:

security

Severity:

important

Release date:

2026-03-20

Description:

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.  

Security Fix(es):  

  * libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive (CVE-2026-4111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libarchive-3.5.3-7.el9_7.aarch64.rpm	56e8b787fa3edeab7b5fac4177a247dcf352c30d0671fe00098b2fdc4051b074
aarch64	libarchive-devel-3.5.3-7.el9_7.aarch64.rpm	d070e6c9ad78ce38537418e20629307d390ac6777b4b40a42d4a23c06cc1aa15
aarch64	bsdtar-3.5.3-7.el9_7.aarch64.rpm	ee37462021b042c7768ec650668e61ee5038467f00c6b75678d316564145cf70
i686	libarchive-devel-3.5.3-7.el9_7.i686.rpm	38b28db03f121acb4a90c09f5ec2093a75354257432c0f2a7c6e5d61b07725f2
i686	libarchive-3.5.3-7.el9_7.i686.rpm	c4edd81e298f9715d85566ad1a5a5ebaf0a801e8a96fd8210ce9161e71922a8c
ppc64le	libarchive-3.5.3-7.el9_7.ppc64le.rpm	0223c45cecb1cc19edbfbf98eae51f90636a3c4252a89c96f600b3082fbed0b1
ppc64le	libarchive-devel-3.5.3-7.el9_7.ppc64le.rpm	31950c78498f3f47ac2a9f614f7c79d3e13b1987e317f9c92b5a18ebdb8fed79
ppc64le	bsdtar-3.5.3-7.el9_7.ppc64le.rpm	d6c6c3516d2a6308609b9981d124ea1a031cda5421bac517f7912e9f4bb98e94
s390x	libarchive-3.5.3-7.el9_7.s390x.rpm	045bc36c56d4d5c7ca04f57853f5dd09ebc5ba485ebea516226ca927af910e48
s390x	bsdtar-3.5.3-7.el9_7.s390x.rpm	b21bc00a32c3d734f0724e6dadac009da1f0eec5cb201453e7f25adf7d067add
s390x	libarchive-devel-3.5.3-7.el9_7.s390x.rpm	e02f6a133370e489853fda0eec66984e6593f9bc7b3f6ca4f4696145bf0600cc
x86_64	bsdtar-3.5.3-7.el9_7.x86_64.rpm	3af7ab8c9a224e18bb0972668647de14246ec7d8b826cd691304cdbfb12b181c
x86_64	libarchive-3.5.3-7.el9_7.x86_64.rpm	910d6bb0e70fcf04bcab3f0678e2a9689bddfa8e866c1699148ddfb3e7b53c85
x86_64	libarchive-devel-3.5.3-7.el9_7.x86_64.rpm	a5b5c142c3dfeb70f181851152c1a845cb1e76071e48c5d0de2f246a5917f265

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.