Red Hat Product Errata RHSA-2026:5063 - Security Advisory
Issued:
2026-03-19
Updated:
2026-03-19

RHSA-2026:5063 - Security Advisory

Synopsis

Important: libarchive security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libarchive is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

  • libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive (CVE-2026-4111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64

Fixes

  • BZ - 2446453 - CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

Red Hat Enterprise Linux for x86_64 10

SRPM
libarchive-3.7.7-5.el10_1.src.rpm SHA-256: 6bffebb168c1005872c7840d3ead2713a7a48712f8a9424462dbed17d37cfbb5
x86_64
bsdcat-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 6d17e0c1bc3ec0bdf6fe54116b66a2a3b968e52ef3bdf1d9b4c783495d54c65b
bsdcat-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 6d17e0c1bc3ec0bdf6fe54116b66a2a3b968e52ef3bdf1d9b4c783495d54c65b
bsdcpio-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 9ed63c9e3e2898d4dc9ab1f6ecead348109d5f0b1eb8626f59d91a5b63024fba
bsdcpio-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 9ed63c9e3e2898d4dc9ab1f6ecead348109d5f0b1eb8626f59d91a5b63024fba
bsdtar-3.7.7-5.el10_1.x86_64.rpm SHA-256: 801f7e9511b8c5120d4410d9c5185625ebffe574c7726f7acb397495c474a73d
bsdtar-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 1b4be00fb6e8fc88c841643bf2d7224a08c63455ae1f4c5062149817e70b95e8
bsdtar-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 1b4be00fb6e8fc88c841643bf2d7224a08c63455ae1f4c5062149817e70b95e8
bsdunzip-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 7775e715baf0c60e58557bb43a3b6a550a321d9f18f32c6d3f0c5dda6c7903dd
bsdunzip-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 7775e715baf0c60e58557bb43a3b6a550a321d9f18f32c6d3f0c5dda6c7903dd
libarchive-3.7.7-5.el10_1.x86_64.rpm SHA-256: b964e337639201714a79b9bd92270ac94c0d7844620ddce6df1a58c5c11b86a6
libarchive-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 71fb45dd33cb5682e788e4167546e1401bf0b9d7a3cfe516f7fd91c349db8c77
libarchive-debuginfo-3.7.7-5.el10_1.x86_64.rpm SHA-256: 71fb45dd33cb5682e788e4167546e1401bf0b9d7a3cfe516f7fd91c349db8c77
libarchive-debugsource-3.7.7-5.el10_1.x86_64.rpm SHA-256: bb7a6cbaa6f39f00e5f42cf2d15358e6fa962e47345f03c15491b4118ddd4db9
libarchive-debugsource-3.7.7-5.el10_1.x86_64.rpm SHA-256: bb7a6cbaa6f39f00e5f42cf2d15358e6fa962e47345f03c15491b4118ddd4db9
libarchive-devel-3.7.7-5.el10_1.x86_64.rpm SHA-256: 0267523a334d6e7f77c89ade46bc953a740c7ff76a4b36e9ed088466817510aa

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
libarchive-3.7.7-5.el10_1.src.rpm SHA-256: 6bffebb168c1005872c7840d3ead2713a7a48712f8a9424462dbed17d37cfbb5
s390x
bsdcat-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 8d9ead93b52f9bdd2b8a766664a90d69d3ec9e8952414776d6d34ba38c767ece
bsdcat-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 8d9ead93b52f9bdd2b8a766664a90d69d3ec9e8952414776d6d34ba38c767ece
bsdcpio-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 3bf270d7087ae06ba6705f1defee7c772b4acaf4f22e4afb04efa3c1a2161eb0
bsdcpio-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 3bf270d7087ae06ba6705f1defee7c772b4acaf4f22e4afb04efa3c1a2161eb0
bsdtar-3.7.7-5.el10_1.s390x.rpm SHA-256: 8a5341e030c35bc6fbba1a804cb4c8f9aa8b47b5bc4f9c8e55eba873a5d72eb4
bsdtar-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 70b44514d576846ee2e8cc678018381f9f73608990990c8f1a273740996ff7bb
bsdtar-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 70b44514d576846ee2e8cc678018381f9f73608990990c8f1a273740996ff7bb
bsdunzip-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 50c6b2784301ab3f9c7e9360ad84eb346e94ea8d6ac6f9be5c389bb56e5a4d02
bsdunzip-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: 50c6b2784301ab3f9c7e9360ad84eb346e94ea8d6ac6f9be5c389bb56e5a4d02
libarchive-3.7.7-5.el10_1.s390x.rpm SHA-256: 4d506d2b746e921e0dfe1bb4e90bb24936d19490c773e7d24017341d9fa011e5
libarchive-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: f7b8d4eafe54c9bd017e1a5a51c644a5d8c4e238b70afe8cc66c5a232ca20561
libarchive-debuginfo-3.7.7-5.el10_1.s390x.rpm SHA-256: f7b8d4eafe54c9bd017e1a5a51c644a5d8c4e238b70afe8cc66c5a232ca20561
libarchive-debugsource-3.7.7-5.el10_1.s390x.rpm SHA-256: acd711f0d94fdb90818a6ca1fbb174f1778180cee21e9dc08a838e0fe9fdd512
libarchive-debugsource-3.7.7-5.el10_1.s390x.rpm SHA-256: acd711f0d94fdb90818a6ca1fbb174f1778180cee21e9dc08a838e0fe9fdd512
libarchive-devel-3.7.7-5.el10_1.s390x.rpm SHA-256: 27e91610ed9f963451481483d14db4919f15b46891a3a830d838d9c075d67f7d

Red Hat Enterprise Linux for Power, little endian 10

SRPM
libarchive-3.7.7-5.el10_1.src.rpm SHA-256: 6bffebb168c1005872c7840d3ead2713a7a48712f8a9424462dbed17d37cfbb5
ppc64le
bsdcat-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 66d563165a7f6d172382d7441d112f74db0a72a6ca80e14ea5f4a4f9a03dd211
bsdcat-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 66d563165a7f6d172382d7441d112f74db0a72a6ca80e14ea5f4a4f9a03dd211
bsdcpio-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 5fb09bf02d1037af7ab2de5b1a8c2dad642c380b210f2a0d38480db4e4091605
bsdcpio-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 5fb09bf02d1037af7ab2de5b1a8c2dad642c380b210f2a0d38480db4e4091605
bsdtar-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 0f0c0290b9b1eece583c5e14184a6e4860c173349896f80a265571f33ab116cb
bsdtar-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 53e0a525354fe6edb553b5ac640e4ed48ca5f627bfda8797afd9c5e7e638bc6b
bsdtar-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 53e0a525354fe6edb553b5ac640e4ed48ca5f627bfda8797afd9c5e7e638bc6b
bsdunzip-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: df72d467fc5f87eef37b0d446c2b7d2657c3fbe2036698fedd1791c9b92ff9ef
bsdunzip-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: df72d467fc5f87eef37b0d446c2b7d2657c3fbe2036698fedd1791c9b92ff9ef
libarchive-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 0a620d1bba19a519d88a1bb7cbfff17ba0ebe1b995864e19856c36bb1a330fd3
libarchive-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: a63d9f732fd70e191d69758081d0ba2cedd5d13c9bb3d48a444b395514028e55
libarchive-debuginfo-3.7.7-5.el10_1.ppc64le.rpm SHA-256: a63d9f732fd70e191d69758081d0ba2cedd5d13c9bb3d48a444b395514028e55
libarchive-debugsource-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 740f0bd2cfec504dc97e5920d838cdbcc8a8257b30d32f3355e58a5120403419
libarchive-debugsource-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 740f0bd2cfec504dc97e5920d838cdbcc8a8257b30d32f3355e58a5120403419
libarchive-devel-3.7.7-5.el10_1.ppc64le.rpm SHA-256: 9f82fe38fff24c79188c09db7b4fa5b687049bb00dfd4d9aa6ffacf4e1e92281

Red Hat Enterprise Linux for ARM 64 10

SRPM
libarchive-3.7.7-5.el10_1.src.rpm SHA-256: 6bffebb168c1005872c7840d3ead2713a7a48712f8a9424462dbed17d37cfbb5
aarch64
bsdcat-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: 8590e066f1708c85072b4cb3ba2611ac62d70f3b3e91d523a780c0c80b4e99da
bsdcat-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: 8590e066f1708c85072b4cb3ba2611ac62d70f3b3e91d523a780c0c80b4e99da
bsdcpio-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: 1f836411ee0583c42058e99413f8b117d41e2a7947ebc445ed4a2c9702560104
bsdcpio-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: 1f836411ee0583c42058e99413f8b117d41e2a7947ebc445ed4a2c9702560104
bsdtar-3.7.7-5.el10_1.aarch64.rpm SHA-256: 145627c97fc3e4f2bac975196e6db6b9f5b044527891754bbdffc6ffa6c89a37
bsdtar-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: 006499062fcfd7582122efd0be04ce3ab3d6fa92ceeced3fba6caf8450ce7669
bsdtar-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: 006499062fcfd7582122efd0be04ce3ab3d6fa92ceeced3fba6caf8450ce7669
bsdunzip-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: d091ce6323405850730048d20364f461a507721774217c6fb5dd918b46aa82e1
bsdunzip-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: d091ce6323405850730048d20364f461a507721774217c6fb5dd918b46aa82e1
libarchive-3.7.7-5.el10_1.aarch64.rpm SHA-256: 7060025d7e1f20c84917e35a5af933a4bf5930fb95d2424534657533dd854814
libarchive-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: ef1c4e1b1a82e1d8c1944bcbd43cf22b9906ef3d41d3dbe2bb834a773a8b48fe
libarchive-debuginfo-3.7.7-5.el10_1.aarch64.rpm SHA-256: ef1c4e1b1a82e1d8c1944bcbd43cf22b9906ef3d41d3dbe2bb834a773a8b48fe
libarchive-debugsource-3.7.7-5.el10_1.aarch64.rpm SHA-256: fec408900c2988400496ad685d2e0515db529f55c286559caaa1f2f8f27afa01
libarchive-debugsource-3.7.7-5.el10_1.aarch64.rpm SHA-256: fec408900c2988400496ad685d2e0515db529f55c286559caaa1f2f8f27afa01
libarchive-devel-3.7.7-5.el10_1.aarch64.rpm SHA-256: c7e70aae7f3e65f699db8fb0842bf38ef79e1767ccd23747f50d43b84a82ad8c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.