[ALSA-2026:8510] Important: libarchive security update
Type:
security
Severity:
important
Release date:
2026-04-17
Description:
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424) * libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 bsdtar-3.5.3-9.el9_7.aarch64.rpm 9c369ccedb8392314eb28a0dbd987b4d95780db9489d09cfbcbeb1c5a22d0ca4
aarch64 libarchive-devel-3.5.3-9.el9_7.aarch64.rpm b67f3393a20c6e352d5f9e8fe6970bfa36c6d6a49def71ea3ff9b899dda44ce3
aarch64 libarchive-3.5.3-9.el9_7.aarch64.rpm ea84a67e3bbcd06c703b319224d0e548f9bb7c256338e475f1f119b20c1f9f66
i686 libarchive-3.5.3-9.el9_7.i686.rpm 83dc63bcd67b3717a98b4e9a6e5a2f89376d58ec6a605d609440c3a3afd9caf8
i686 libarchive-devel-3.5.3-9.el9_7.i686.rpm aaa833c6b9a123c3958c648d32712e700a07340cd72f287ecd5b7cc47932a2e5
ppc64le bsdtar-3.5.3-9.el9_7.ppc64le.rpm 6ba64bc5e7e94413704ff5fe5514a73310fd8aad7b3b5c08d0205823832e232a
ppc64le libarchive-3.5.3-9.el9_7.ppc64le.rpm aeb20d6f3707b119fe456a7c12f24c2f6d23d485e9b2c2cb60e2b1686c916375
ppc64le libarchive-devel-3.5.3-9.el9_7.ppc64le.rpm e95e31137b132bc182637b4ddda89ea8d5cfdf33cc0af2f8c89da873f18dceec
s390x libarchive-devel-3.5.3-9.el9_7.s390x.rpm 14f520e396f9c68999c70a5528b5d749f7d118e8803819b721debbf639a5455d
s390x bsdtar-3.5.3-9.el9_7.s390x.rpm 3cdce0c54711dd89efc8acf65a347e034691e911f82d22d13f5680ef623b5b96
s390x libarchive-3.5.3-9.el9_7.s390x.rpm 7baa20f1f0f4f10049622b7f7fc30918febf8a94ffb53defb219680fc0fe6faa
x86_64 bsdtar-3.5.3-9.el9_7.x86_64.rpm 39b087871d28670f6ebb45ec7b12eaea2d7418a99dc0b57085c0f39c35bbc723
x86_64 libarchive-3.5.3-9.el9_7.x86_64.rpm ae150c1f4aa5ac21138df2c4d75df6e9a2c9c96b29096f2d33c9b8775cc89b82
x86_64 libarchive-devel-3.5.3-9.el9_7.x86_64.rpm ed7b293d73e61d26378a813c07389dece0d9d3502d033b0cfe523a9d84824061
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.