libarchive-3.5.3-9.el9_7
エラータID: AXSA:2026-455:02
リリース日:
2026/04/19 Sunday - 12:25
題名:
libarchive-3.5.3-9.el9_7
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libarchive には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、巧妙に細工された RAR ファイルを介して、
情報の漏洩を可能とする脆弱性が存在します。(CVE-2026-4424)
- libarchive には、整数オーバーフローの問題があるため、リモート
の攻撃者により、巧妙に細工された ISO9660 イメージを介して、任意
のコードの実行を可能とする脆弱性が存在します。(CVE-2026-5121)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-4424
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
CVE-2026-5121
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
追加情報:
N/A
ダウンロード:
SRPMS
- libarchive-3.5.3-9.el9_7.src.rpm
MD5: d3d3acf9b3cff05380861e92ca703149
SHA-256: e5be1a0c210bc18553c7590ebf13771c58f5367ef2b9002fa92f268e42432567
Size: 6.73 MB
Asianux Server 9 for x86_64
- bsdtar-3.5.3-9.el9_7.x86_64.rpm
MD5: 13d1dbdd082c6ede524c67f7395aa93a
SHA-256: ffbe14bf1212f1ec1ac60c5bb9d89ffdce337684db881ab4580a6c5aedb81e85
Size: 61.73 kB - libarchive-3.5.3-9.el9_7.i686.rpm
MD5: 9e61ed8102183afa4778c88c3deca836
SHA-256: 726c327b8b9c9d530f9ae971e78599daa793e6433af40ae19137d18e0f916b93
Size: 434.36 kB - libarchive-3.5.3-9.el9_7.x86_64.rpm
MD5: 1fa14e47e7bcb2c33515fac3d917510f
SHA-256: 18f6c2cd65e24e29a6dd1b9f5eb52acf8a949f3f9d9e380ac6d89bb39a6c2c1a
Size: 386.94 kB - libarchive-devel-3.5.3-9.el9_7.i686.rpm
MD5: 2c475965b29ec8d3bf9833d592c2bf86
SHA-256: 0dfd4210cac9eb4c99897e1723ea4ffa0451ac42ac923e3af4fd8786dfdb2226
Size: 134.55 kB - libarchive-devel-3.5.3-9.el9_7.x86_64.rpm
MD5: c68e20ddaf93b311f99c1522ac53f079
SHA-256: d1613e2dea70edffdc7f803012ca75c0122b99281bf587f39f252e4fff591233
Size: 134.52 kB
English