libarchive-3.3.3-7.el8_10
エラータID: AXSA:2026-475:03
リリース日:
2026/04/21 Tuesday - 14:33
題名:
libarchive-3.3.3-7.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libarchive には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、巧妙に細工された RAR ファイルを介して、
情報の漏洩を可能とする脆弱性が存在します。(CVE-2026-4424)
- libarchive には、整数オーバーフローの問題があるため、リモート
の攻撃者により、巧妙に細工された ISO9660 イメージを介して、任意
のコードの実行を可能とする脆弱性が存在します。(CVE-2026-5121)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-4424
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
CVE-2026-5121
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
追加情報:
N/A
ダウンロード:
SRPMS
- libarchive-3.3.3-7.el8_10.src.rpm
MD5: b19f046a344b9764556421a1499d8cc3
SHA-256: c1dea175df4a6574bb835c9c5f02396bffc5649723094cd62eec334fdef91d5e
Size: 6.27 MB
Asianux Server 8 for x86_64
- bsdtar-3.3.3-7.el8_10.x86_64.rpm
MD5: cee7c67105109423d914a7bae694d146
SHA-256: e9059fc4e58e1bef97b33e10f3e8b731683720132857ed2656fea9521a4c21f1
Size: 70.16 kB - libarchive-3.3.3-7.el8_10.i686.rpm
MD5: d906f2cccf694306cbddc61297c21f23
SHA-256: 36452c661478b26692a130187a6203627837e57b5473ebee5fc68f6990b03d48
Size: 400.57 kB - libarchive-3.3.3-7.el8_10.x86_64.rpm
MD5: 83f500b8b5f24e584c4cdcde42b5ff26
SHA-256: 4eae9e002032bc60ddb086238d2d607a873d54895e96778346e71c52792b8841
Size: 359.26 kB - libarchive-devel-3.3.3-7.el8_10.i686.rpm
MD5: c0d9833dc3fe7f5c20a51c5ca80c72ea
SHA-256: 86f388d7be14a0b1ff04b3a951f2b3aef7c65a327444721df0ff39da00a69d76
Size: 131.03 kB - libarchive-devel-3.3.3-7.el8_10.x86_64.rpm
MD5: bdc75acb2d29b9b678ad2360713f4b63
SHA-256: 71ccb91a04d97dace8f5d038adde7964cbfc4e8b22cac1c47d06012a2f857825
Size: 131.01 kB
English