Issued:: 2026-04-16
Updated:: 2026-04-16

RHSA-2026:8521 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libarchive security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libarchive is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424)
libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2449006 - CVE-2026-4424 libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
BZ - 2452945 - CVE-2026-5121 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
libarchive-3.3.2-8.el8_2.2.src.rpm	SHA-256: c40b3872a9c4d9803ee48792b271f2b574898310cf90a0abe03addc5272fd8f3
x86_64
bsdcat-debuginfo-3.3.2-8.el8_2.2.i686.rpm	SHA-256: a51062c35c44615adcb97f8cbef1a25ed3c1e8aaca085dfee8c7bff20934baab
bsdcat-debuginfo-3.3.2-8.el8_2.2.x86_64.rpm	SHA-256: 8b8f76c558e41c99c32a0aabce5c8578ac8a2c7003935b8d2619731af98c3811
bsdcpio-debuginfo-3.3.2-8.el8_2.2.i686.rpm	SHA-256: 002309bdf45e61d07b582fd9ad6621eddcccded0699f03d262ee8ed9bf068885
bsdcpio-debuginfo-3.3.2-8.el8_2.2.x86_64.rpm	SHA-256: 5c21a22d109b34036ca9518d3206b64f4e226dda04aea52a55c0d55c38e8522a
bsdtar-3.3.2-8.el8_2.2.x86_64.rpm	SHA-256: 69f9c298fd3f5f36dba27d7594c416bace2545dedabf687fc7831704f7153b50
bsdtar-debuginfo-3.3.2-8.el8_2.2.i686.rpm	SHA-256: 7d8c602016cc4f89ba0b6295d3aee19f87bae6d22f9263fdd8ac7e8f1f236d72
bsdtar-debuginfo-3.3.2-8.el8_2.2.x86_64.rpm	SHA-256: f1a8f269e419414983ed9b1ce60f0fb8d76f2d28cb1caa4f02995fd86b310656
libarchive-3.3.2-8.el8_2.2.i686.rpm	SHA-256: 512290d98fcafed176d76209481b663f33f127c3c61e363d1caa8692e7500cc5
libarchive-3.3.2-8.el8_2.2.x86_64.rpm	SHA-256: 2f463696c59c37f52075c7a696552741c503701d2c32a7bd50a25ccc97cc5d96
libarchive-debuginfo-3.3.2-8.el8_2.2.i686.rpm	SHA-256: f6d577fe6ace4eff8b046db593540e32f2058b0aa503b389cd78def767c3bbea
libarchive-debuginfo-3.3.2-8.el8_2.2.x86_64.rpm	SHA-256: 66f524031ffd03605c2627cdb9ef018a5de47b6b600201bd6ad55d9c8639de01
libarchive-debugsource-3.3.2-8.el8_2.2.i686.rpm	SHA-256: b8666b73c3ca6fc9a46b78f0f78d5527086197a8a514b08e63eccbe167e0c49f
libarchive-debugsource-3.3.2-8.el8_2.2.x86_64.rpm	SHA-256: a71d52b7df692e1653008df80eaa90b6bb0b1c2904dc5e3181a23500b3c07ef3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation