Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:8866: Important: libarchive security update

redhatcve-2026-4424cve-2026-5121
This security update addresses two vulnerabilities in libarchive: an information disclosure via a heap out-of-bounds read during RAR archive processing (CVE-2026-4424) and arbitrary code execution via an integer overflow in ISO9660 image processing (CVE-2026-5121), both with a CVSS score of 7.5 (High). The affected versions include libarchive up to unspecified versions and Red Hat Enterprise Linux versions 6.0 and 7.0, as well as OpenShift Container Platform 4.0. Red Hat has issued an Important-rated update for libarchive on Red Hat Enterprise Linux 9.6 Extended Update Support and related variants to remediate these issues.
Read Full Article →

Red Hat Product Errata RHSA-2026:8866 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8866 - Security Advisory Overview Updated Packages Synopsis Important: libarchive security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libarchive is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424) libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2449006 - CVE-2026-4424 libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing BZ - 2452945 - CVE-2026-5121 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing CVEs CVE-2026-4424 CVE-2026-5121 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM libarchive-3.5.3-7.el9_6.1.src.rpm SHA-256: a590c3f706fbc8932245513fca3328d68708a0b11565da86eed8002399f80c65 x86_64 bsdcat-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: 90b09a21e03057b2846882a8617c46ca84a3ec15a100ec0505d179cbcb5bf503 bsdcat-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: 90b09a21e03057b2846882a8617c46ca84a3ec15a100ec0505d179cbcb5bf503 bsdcat-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 474195f35f7c69c8df157f644ad8ab0370877fb945f06bbfc43f1f9c068670db bsdcat-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 474195f35f7c69c8df157f644ad8ab0370877fb945f06bbfc43f1f9c068670db bsdcpio-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: f6a2048e49aa3ce6f0b2df91f38a5b39509c924f955fb008aaad28512511ff7f bsdcpio-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: f6a2048e49aa3ce6f0b2df91f38a5b39509c924f955fb008aaad28512511ff7f bsdcpio-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 39297a38d718f2e0c1e9f8ba43488fb22afc9374b48bdfbafaafa093935d964d bsdcpio-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 39297a38d718f2e0c1e9f8ba43488fb22afc9374b48bdfbafaafa093935d964d bsdtar-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: db3f6eaf606941d613f6303710ad9ae531a958d2c2bc2e1e7d327c4d4d057523 bsdtar-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: dea642f22425c37878c9263f6f4d2a6bb5bedbc1bca0b836040e4d21cf0decae bsdtar-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: dea642f22425c37878c9263f6f4d2a6bb5bedbc1bca0b836040e4d21cf0decae bsdtar-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 352f945aa87bf5af44fdd4269c60e047c3e3b567f2c661bbdbd8d34dd7f20be8 bsdtar-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 352f945aa87bf5af44fdd4269c60e047c3e3b567f2c661bbdbd8d34dd7f20be8 libarchive-3.5.3-7.el9_6.1.i686.rpm SHA-256: d6066423474916a5db593fbbf7f5e4e413346810cd1b8d2049820b4ce6989103 libarchive-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 27ecc3fe1bfcc05aa20ed368f2e070cd76b39c5ef6bbe1a2ebf8a1d761e2d814 libarchive-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: d13862874bb08c902f76357db64ceed60123ef581bb1e99782f7ba57c1fbab1e libarchive-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: d13862874bb08c902f76357db64ceed60123ef581bb1e99782f7ba57c1fbab1e libarchive-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 9839c692f8e66a327ca1e38053b2aac42deb73c1f63a94a7cedf069feda8b402 libarchive-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 9839c692f8e66a327ca1e38053b2aac42deb73c1f63a94a7cedf069feda8b402 libarchive-debugsource-3.5.3-7.el9_6.1.i686.rpm SHA-256: be91b3ebe982cf74f37347dec2bda53d16b5d057df24993530e3ecb00050aca9 libarchive-debugsource-3.5.3-7.el9_6.1.i686.rpm SHA-256: be91b3ebe982cf74f37347dec2bda53d16b5d057df24993530e3ecb00050aca9 libarchive-debugsource-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 12fb5526680c9fbd874753966f6a37730f01f92b79ce9fbfe70ae7a7eeb72b34 libarchive-debugsource-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 12fb5526680c9fbd874753966f6a37730f01f92b79ce9fbfe70ae7a7eeb72b34 libarchive-devel-3.5.3-7.el9_6.1.i686.rpm SHA-256: 587186806743d84de25f812ee9ed2db3e1d3dd36634cc06b979d9f38df8521d5 libarchive-devel-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 281886665f495ebda45fc5878dda9ed75faaac6a4afa053da314a50146b5c20d Red Hat Enterprise Linux Server - AUS 9.6 SRPM libarchive-3.5.3-7.el9_6.1.src.rpm SHA-256: a590c3f706fbc8932245513fca3328d68708a0b11565da86eed8002399f80c65 x86_64 bsdcat-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: 90b09a21e03057b2846882a8617c46ca84a3ec15a100ec0505d179cbcb5bf503 bsdcat-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: 90b09a21e03057b2846882a8617c46ca84a3ec15a100ec0505d179cbcb5bf503 bsdcat-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 474195f35f7c69c8df157f644ad8ab0370877fb945f06bbfc43f1f9c068670db bsdcat-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 474195f35f7c69c8df157f644ad8ab0370877fb945f06bbfc43f1f9c068670db bsdcpio-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: f6a2048e49aa3ce6f0b2df91f38a5b39509c924f955fb008aaad28512511ff7f bsdcpio-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: f6a2048e49aa3ce6f0b2df91f38a5b39509c924f955fb008aaad28512511ff7f bsdcpio-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 39297a38d718f2e0c1e9f8ba43488fb22afc9374b48bdfbafaafa093935d964d bsdcpio-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 39297a38d718f2e0c1e9f8ba43488fb22afc9374b48bdfbafaafa093935d964d bsdtar-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: db3f6eaf606941d613f6303710ad9ae531a958d2c2bc2e1e7d327c4d4d057523 bsdtar-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: dea642f22425c37878c9263f6f4d2a6bb5bedbc1bca0b836040e4d21cf0decae bsdtar-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: dea642f22425c37878c9263f6f4d2a6bb5bedbc1bca0b836040e4d21cf0decae bsdtar-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 352f945aa87bf5af44fdd4269c60e047c3e3b567f2c661bbdbd8d34dd7f20be8 bsdtar-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 352f945aa87bf5af44fdd4269c60e047c3e3b567f2c661bbdbd8d34dd7f20be8 libarchive-3.5.3-7.el9_6.1.i686.rpm SHA-256: d6066423474916a5db593fbbf7f5e4e413346810cd1b8d2049820b4ce6989103 libarchive-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 27ecc3fe1bfcc05aa20ed368f2e070cd76b39c5ef6bbe1a2ebf8a1d761e2d814 libarchive-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: d13862874bb08c902f76357db64ceed60123ef581bb1e99782f7ba57c1fbab1e libarchive-debuginfo-3.5.3-7.el9_6.1.i686.rpm SHA-256: d13862874bb08c902f76357db64ceed60123ef581bb1e99782f7ba57c1fbab1e libarchive-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 9839c692f8e66a327ca1e38053b2aac42deb73c1f63a94a7cedf069feda8b402 libarchive-debuginfo-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 9839c692f8e66a327ca1e38053b2aac42deb73c1f63a94a7cedf069feda8b402 libarchive-debugsource-3.5.3-7.el9_6.1.i686.rpm SHA-256: be91b3ebe982cf74f37347dec2bda53d16b5d057df24993530e3ecb00050aca9 libarchive-debugsource-3.5.3-7.el9_6.1.i686.rpm SHA-256: be91b3ebe982cf74f37347dec2bda53d16b5d057df24993530e3ecb00050aca9 libarchive-debugsource-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 12fb5526680c9fbd874753966f6a37730f01f92b79ce9fbfe70ae7a7eeb72b34 libarchive-debugsource-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 12fb5526680c9fbd874753966f6a37730f01f92b79ce9fbfe70ae7a7eeb72b34 libarchive-devel-3.5.3-7.el9_6.1.i686.rpm SHA-256: 587186806743d84de25f812ee9ed2db3e1d3dd36634cc06b979d9f38df8521d5 libarchive-devel-3.5.3-7.el9_6.1.x86_64.rpm SHA-256: 281886665f495ebda45fc5878dda9ed75faaac6a4afa053da314a50146b5c20d Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM libarchive-3.5.3-7.el9_6.1.src.rpm SHA-256: a590c3f706fbc8932245513fca3328d68708a0b11565da86eed8002399f80c65 s390x bsdcat-debuginfo-3.5.3-7.el9_6.1.s390x.rpm SHA-256: aace98d22554e20a04da7bfa97bc2e935d6f34cece78d5bdfaa6108241bbd120 bsdcat-debuginfo-3.5.3-7.el9_6.1.s390x.rpm SHA-256: aace98d22554e20a04da7bfa97bc2e935d6f34cece78d5bdfaa6108241bbd120 bsdcpio-debuginfo-3.5.3-7.el9_6.1.s390x.rpm SHA-256: 0c8f11e38b21c7781e434677fa901ee7f3170b206a980a00c128fd10788b0611 bsdcpio-debuginfo-3.5.3-7.el9_6.1.s390x.rpm SHA-256: 0c8f11e38b21c7781e434677fa901ee7f31

Related Articles

HIGH RHSA-2026:8864: Important: libarchive security update Red Hat Errata HIGH RHSA-2026:8873: Important: libarchive security update Red Hat Errata HIGH RHSA-2026:9592: Important: libarchive security update Red Hat Errata HIGH RHSA-2026:8867: Important: libarchive security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn