libarchive-3.5.3-7.el9_7

エラータID: AXSA:2026-345:01

Release date: 
Saturday, March 21, 2026 - 18:07
Subject: 
libarchive-3.5.3-7.el9_7
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive (CVE-2026-4111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-4111
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

Solution: 

Update packages.

CVEs: 
CVE-2026-4111
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Additional Info: 

N/A

Download: 

SRPMS
  1. libarchive-3.5.3-7.el9_7.src.rpm
    MD5: af1298e2a8a12cf1a1780bb963ebdbff
    SHA-256: 55bae8e29cf8b2dd90b614b7c73f23052788acefa994e9786ef51eca9b68c523
    Size: 6.72 MB

Asianux Server 9 for x86_64
  1. bsdtar-3.5.3-7.el9_7.x86_64.rpm
    MD5: 1cb729d10143b61511423c2dc3a38010
    SHA-256: 46b4aab6c53b570d34f3a32814790b128c501d8862abf8ffc04e3a2facafb159
    Size: 61.57 kB
  2. libarchive-3.5.3-7.el9_7.i686.rpm
    MD5: af3b86d40052ebd9283cd77c002d0fdf
    SHA-256: 414eec1ab727c7d6ccb8e9f32fa2fd08f6cc06b11d66dba2e86325af629f368c
    Size: 434.18 kB
  3. libarchive-3.5.3-7.el9_7.x86_64.rpm
    MD5: ec3fdd50a46d62547d28f58e5786645f
    SHA-256: 64fdc1aa00ef29f4a6a00c8f9bf41a2e4c38d921126ee911255e42028fde116a
    Size: 386.76 kB
  4. libarchive-devel-3.5.3-7.el9_7.i686.rpm
    MD5: 1f3d5a456beb6201365a0f1428c28da9
    SHA-256: e883443187be04b75b410388cdd88446c3d585cdb1f352dd5520715290c8d841
    Size: 134.36 kB
  5. libarchive-devel-3.5.3-7.el9_7.x86_64.rpm
    MD5: a1a184d49b677119621597bd41d6d602
    SHA-256: ead975409b803599b45f2aa98bc5aab359859c929ea10713b61620647ee06a6d
    Size: 134.37 kB