Red Hat Product Errata RHSA-2026:9592 - Security Advisory Issued: 2026-04-22 Updated: 2026-04-22 RHSA-2026:9592 - Security Advisory Overview Updated Packages Synopsis Important: libarchive security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libarchive is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424) libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2449006 - CVE-2026-4424 libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing BZ - 2452945 - CVE-2026-5121 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing CVEs CVE-2026-4424 CVE-2026-5121 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM libarchive-3.3.3-1.el8_4.2.src.rpm SHA-256: 535e8fed02696f33ab3a8ff9d9de0094de7ceb246db5d33182a17f672373859d x86_64 bsdcat-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: 22d6c663b0b989fc7620a8bda5ac399e1029303056f9e027510922d65d344449 bsdcat-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: a327a7f5201a7cb45a720c205d6c07fe03eb463473e576adea2cde38496f3402 bsdcpio-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: df9f99ddb620280f2662f7f0f4fd7454a89ecf04b3a33e66fb5d757b05912b4c bsdcpio-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: fc3a40154bd9d38088a52291e8c606a48d8a8dfd5ae89efafb84ef3b8295a313 bsdtar-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: 592e1972550d0c6d729768f13af7bfbbeb239538309ba8b1ef6bbc25b294a79e bsdtar-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: 80c81960a8321e8f288ea968c23283336c3988103922ccbc391fd23cfb733f12 bsdtar-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: bf82460c425c26385d26d0b51be4aa00c9a2a650dd99b0fe18dcf59459351906 libarchive-3.3.3-1.el8_4.2.i686.rpm SHA-256: 7a5af275308fb72d9f20258e626fae0872543a88cec5ed7d35aaa0ada5f63a1c libarchive-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: dd4e07f1e1afac05fa4914b54812fb89692d7e4564c30723052807b5c05a303d libarchive-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: 5c3cc8d4c3f28b8b8b8265b161d7c37ff12f63c2129959c5f8b7a64e88e7809d libarchive-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: 9b74d2ad6ed0681f69cf643b07433927998650f3e66a5dcd63cf315b5d82e160 libarchive-debugsource-3.3.3-1.el8_4.2.i686.rpm SHA-256: 6a0bb4c44e2e519b9f4981097acd45f08f16f7ab6ae1f0795361c35eca6a53af libarchive-debugsource-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: 1a901fd96966ede9078ad0586b0edf1903d0df9158b2e5431780eb681611cb02 Red Hat Enterprise Linux Server - AUS 8.4 SRPM libarchive-3.3.3-1.el8_4.2.src.rpm SHA-256: 535e8fed02696f33ab3a8ff9d9de0094de7ceb246db5d33182a17f672373859d x86_64 bsdcat-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: 22d6c663b0b989fc7620a8bda5ac399e1029303056f9e027510922d65d344449 bsdcat-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: a327a7f5201a7cb45a720c205d6c07fe03eb463473e576adea2cde38496f3402 bsdcpio-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: df9f99ddb620280f2662f7f0f4fd7454a89ecf04b3a33e66fb5d757b05912b4c bsdcpio-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: fc3a40154bd9d38088a52291e8c606a48d8a8dfd5ae89efafb84ef3b8295a313 bsdtar-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: 592e1972550d0c6d729768f13af7bfbbeb239538309ba8b1ef6bbc25b294a79e bsdtar-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: 80c81960a8321e8f288ea968c23283336c3988103922ccbc391fd23cfb733f12 bsdtar-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: bf82460c425c26385d26d0b51be4aa00c9a2a650dd99b0fe18dcf59459351906 libarchive-3.3.3-1.el8_4.2.i686.rpm SHA-256: 7a5af275308fb72d9f20258e626fae0872543a88cec5ed7d35aaa0ada5f63a1c libarchive-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: dd4e07f1e1afac05fa4914b54812fb89692d7e4564c30723052807b5c05a303d libarchive-debuginfo-3.3.3-1.el8_4.2.i686.rpm SHA-256: 5c3cc8d4c3f28b8b8b8265b161d7c37ff12f63c2129959c5f8b7a64e88e7809d libarchive-debuginfo-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: 9b74d2ad6ed0681f69cf643b07433927998650f3e66a5dcd63cf315b5d82e160 libarchive-debugsource-3.3.3-1.el8_4.2.i686.rpm SHA-256: 6a0bb4c44e2e519b9f4981097acd45f08f16f7ab6ae1f0795361c35eca6a53af libarchive-debugsource-3.3.3-1.el8_4.2.x86_64.rpm SHA-256: 1a901fd96966ede9078ad0586b0edf1903d0df9158b2e5431780eb681611cb02 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .