Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:9026: Important: libarchive security update

rhelcve-2026-4424cve-2026-5121
This security update addresses two Important-severity vulnerabilities in libarchive: an information disclosure via heap out-of-bounds read during RAR archive processing (CVE-2026-4424) and arbitrary code execution via an integer overflow in ISO9660 image processing (CVE-2026-5121), both with a CVSS score of 7.5 (HIGH). The update is applicable to Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Telecommunications Update Service. Affected systems should be updated to the patched packages, such as libarchive-3.3.3-5.el8_8.2 for x86_64 systems, as referenced in the advisory.
Read Full Article →

Red Hat Product Errata RHSA-2026:9026 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:9026 - Security Advisory Overview Updated Packages Synopsis Important: libarchive security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libarchive is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424) libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server - TUS 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2449006 - CVE-2026-4424 libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing BZ - 2452945 - CVE-2026-5121 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing CVEs CVE-2026-4424 CVE-2026-5121 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM libarchive-3.3.3-5.el8_8.2.src.rpm SHA-256: b2d636beeeaa091ed24a78a381d52757ce9f22729c2078af3863019ae4501ed8 x86_64 bsdcat-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 05f3db0ae76f6f163040322e49d85bbfdb39791c667c098c8e9a75efb58907c6 bsdcat-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 358562d3d1dce62ac197b788bff1bd4abf65c5c8b3e377ba882fe953b524b10f bsdcpio-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 0801ac74ee642fa6d6dc566c9724f65539a6493917b53a0f3e29fdc7667a259c bsdcpio-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 7ae7893ae43be98e2108a783d65245133dc4fda4c3410786bc6313e0c93b746f bsdtar-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 63c4123d0ba7f01dffb5b705fa1b094d062769e4a244f2b5d004e065b45a3ea9 bsdtar-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 874c8887a59e5f352042390db7aca78a443671005a4ad16d62d85fe058c07e71 bsdtar-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: a9393c8c3ac399d9e9e660436586822aa54dbfc2097f3d2622709a2d2e7dcf17 libarchive-3.3.3-5.el8_8.2.i686.rpm SHA-256: 22be1de37a4abdb8e818928c614794e14a4c51e9b2cda0c8b4dcc5c18e9183a7 libarchive-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: f87250dfcaf2d15e44f23c440c64db696e1ad635bda883325e9929cce94369e3 libarchive-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: d94b037a32a11a9f41ebdd4c7ac6f7c2a1b235e79ba2ad1b378be091872b7221 libarchive-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 58384a406909f804806c38b8a90ecf4548347558e0db9efe3312674d29e35569 libarchive-debugsource-3.3.3-5.el8_8.2.i686.rpm SHA-256: 665708242f059a66a4845dabc691602b048ee5bf8d5f19a07cac38720dc5f40a libarchive-debugsource-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: d54291d7837d8530add2679881b92cd074349a80e99843e0436979ffac6ef3f9 Red Hat Enterprise Linux Server - TUS 8.8 SRPM libarchive-3.3.3-5.el8_8.2.src.rpm SHA-256: b2d636beeeaa091ed24a78a381d52757ce9f22729c2078af3863019ae4501ed8 x86_64 bsdcat-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 05f3db0ae76f6f163040322e49d85bbfdb39791c667c098c8e9a75efb58907c6 bsdcat-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 358562d3d1dce62ac197b788bff1bd4abf65c5c8b3e377ba882fe953b524b10f bsdcpio-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 0801ac74ee642fa6d6dc566c9724f65539a6493917b53a0f3e29fdc7667a259c bsdcpio-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 7ae7893ae43be98e2108a783d65245133dc4fda4c3410786bc6313e0c93b746f bsdtar-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 63c4123d0ba7f01dffb5b705fa1b094d062769e4a244f2b5d004e065b45a3ea9 bsdtar-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 874c8887a59e5f352042390db7aca78a443671005a4ad16d62d85fe058c07e71 bsdtar-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: a9393c8c3ac399d9e9e660436586822aa54dbfc2097f3d2622709a2d2e7dcf17 libarchive-3.3.3-5.el8_8.2.i686.rpm SHA-256: 22be1de37a4abdb8e818928c614794e14a4c51e9b2cda0c8b4dcc5c18e9183a7 libarchive-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: f87250dfcaf2d15e44f23c440c64db696e1ad635bda883325e9929cce94369e3 libarchive-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: d94b037a32a11a9f41ebdd4c7ac6f7c2a1b235e79ba2ad1b378be091872b7221 libarchive-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 58384a406909f804806c38b8a90ecf4548347558e0db9efe3312674d29e35569 libarchive-debugsource-3.3.3-5.el8_8.2.i686.rpm SHA-256: 665708242f059a66a4845dabc691602b048ee5bf8d5f19a07cac38720dc5f40a libarchive-debugsource-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: d54291d7837d8530add2679881b92cd074349a80e99843e0436979ffac6ef3f9 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 SRPM libarchive-3.3.3-5.el8_8.2.src.rpm SHA-256: b2d636beeeaa091ed24a78a381d52757ce9f22729c2078af3863019ae4501ed8 ppc64le bsdcat-debuginfo-3.3.3-5.el8_8.2.ppc64le.rpm SHA-256: cb9eb409b847a5f8fed90e97fe5c2273eb330cd312e5c2277df40197917b76d9 bsdcpio-debuginfo-3.3.3-5.el8_8.2.ppc64le.rpm SHA-256: c7bd3403f0794b6b613c30c8d95ee57e0350444dd8bde29d7a0713b50da64090 bsdtar-3.3.3-5.el8_8.2.ppc64le.rpm SHA-256: 48339b0454fe2bb3c9cf763927f5582079947814daab1349e6bc47130e520584 bsdtar-debuginfo-3.3.3-5.el8_8.2.ppc64le.rpm SHA-256: 22cca1d7c2ea7f77b1ce09834121f043a9157c53f13393ffcb7ae2a606a77fea libarchive-3.3.3-5.el8_8.2.ppc64le.rpm SHA-256: 5671157796db485e94405216892e5cba1b8ece55b51b9d1347301bc550877a58 libarchive-debuginfo-3.3.3-5.el8_8.2.ppc64le.rpm SHA-256: 7b1beb3ea0a70a3e6624b1f76abbd5bd8c2a28279799633effb453e06920cd49 libarchive-debugsource-3.3.3-5.el8_8.2.ppc64le.rpm SHA-256: c868e40b6a6ef34b2feeda72de127f36a9626cbce52ecd54086dd9162f79b88c Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 SRPM libarchive-3.3.3-5.el8_8.2.src.rpm SHA-256: b2d636beeeaa091ed24a78a381d52757ce9f22729c2078af3863019ae4501ed8 x86_64 bsdcat-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 05f3db0ae76f6f163040322e49d85bbfdb39791c667c098c8e9a75efb58907c6 bsdcat-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 358562d3d1dce62ac197b788bff1bd4abf65c5c8b3e377ba882fe953b524b10f bsdcpio-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 0801ac74ee642fa6d6dc566c9724f65539a6493917b53a0f3e29fdc7667a259c bsdcpio-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 7ae7893ae43be98e2108a783d65245133dc4fda4c3410786bc6313e0c93b746f bsdtar-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 63c4123d0ba7f01dffb5b705fa1b094d062769e4a244f2b5d004e065b45a3ea9 bsdtar-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: 874c8887a59e5f352042390db7aca78a443671005a4ad16d62d85fe058c07e71 bsdtar-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: a9393c8c3ac399d9e9e660436586822aa54dbfc2097f3d2622709a2d2e7dcf17 libarchive-3.3.3-5.el8_8.2.i686.rpm SHA-256: 22be1de37a4abdb8e818928c614794e14a4c51e9b2cda0c8b4dcc5c18e9183a7 libarchive-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: f87250dfcaf2d15e44f23c440c64db696e1ad635bda883325e9929cce94369e3 libarchive-debuginfo-3.3.3-5.el8_8.2.i686.rpm SHA-256: d94b037a32a11a9f41ebdd4c7ac6f7c2a1b235e79ba2ad1b378be091872b7221 libarchive-debuginfo-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: 58384a406909f804806c38b8a90ecf4548347558e0db9efe3312674d29e35569 libarchive-debugsource-3.3.3-5.el8_8.2.i686.rpm SHA-256: 665708242f059a66a4845dabc691602b048ee5bf8d5f19a07cac38720dc5f40a libarchive-debugsource-3.3.3-5.el8_8.2.x86_64.rpm SHA-256: d54291d7837d8530add2679881b92cd074349a80e99843e0436979ffac6ef3f9 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .

Related Articles

HIGH RHSA-2026:8867: Important: libarchive security update Red Hat Errata HIGH RHSA-2026:8864: Important: libarchive security update Red Hat Errata HIGH RHSA-2026:8873: Important: libarchive security update Red Hat Errata HIGH RHSA-2026:8866: Important: libarchive security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn