|
|
Log in / Subscribe / Register

Ubuntu alert USN-8292-1 (libarchive)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8292-1] libarchive vulnerabilities


Date:
              Thu, 21 May 2026 18:51:05 +0000


Message-ID:
              <E1wQ8U5-0001ii-C0@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8292-1
May 21, 2026

libarchive vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libarchive.

Software Description:
- libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain RAR
archives. An attacker could possibly use this issue to cause an
out-of-bounds read via a crafted RAR archive, leading to sensitive
memory disclosure. (CVE-2026-4424)

It was discovered that libarchive incorrectly handled certain ISO files.
An attacker could possibly use this issue to cause incorrect memory
allocation via a crafted ISO file, leading to a denial of service.
(CVE-2026-4426)

It was discovered that libarchive incorrectly handled block pointer
allocation in zisofs on 32-bit systems. An attacker could possibly use
this issue to cause a heap buffer overflow via a crafted ISO9660 image,
possibly leading to arbitrary code execution. (CVE-2026-5121)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libarchive-dev                  3.8.5-1ubuntu2.1
  libarchive-tools                3.8.5-1ubuntu2.1
  libarchive13t64                 3.8.5-1ubuntu2.1

Ubuntu 25.10
  libarchive-dev                  3.7.7-0ubuntu3.2
  libarchive-tools                3.7.7-0ubuntu3.2
  libarchive13t64                 3.7.7-0ubuntu3.2

Ubuntu 24.04 LTS
  libarchive-dev                  3.7.2-2ubuntu0.7
  libarchive-tools                3.7.2-2ubuntu0.7
  libarchive13t64                 3.7.2-2ubuntu0.7

Ubuntu 22.04 LTS
  libarchive-dev                  3.6.0-1ubuntu1.7
  libarchive-tools                3.6.0-1ubuntu1.7
  libarchive13                    3.6.0-1ubuntu1.7

Ubuntu 20.04 LTS
  libarchive-dev                  3.4.0-2ubuntu1.5+esm2
                                  Available with Ubuntu Pro
  libarchive-tools                3.4.0-2ubuntu1.5+esm2
                                  Available with Ubuntu Pro
  libarchive13                    3.4.0-2ubuntu1.5+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  bsdcpio                         3.2.2-3.1ubuntu0.7+esm3
                                  Available with Ubuntu Pro
  bsdtar                          3.2.2-3.1ubuntu0.7+esm3
                                  Available with Ubuntu Pro
  libarchive-dev                  3.2.2-3.1ubuntu0.7+esm3
                                  Available with Ubuntu Pro
  libarchive-tools                3.2.2-3.1ubuntu0.7+esm3
                                  Available with Ubuntu Pro
  libarchive13                    3.2.2-3.1ubuntu0.7+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  bsdcpio                         3.1.2-11ubuntu0.16.04.8+esm3
                                  Available with Ubuntu Pro
  bsdtar                          3.1.2-11ubuntu0.16.04.8+esm3
                                  Available with Ubuntu Pro
  libarchive-dev                  3.1.2-11ubuntu0.16.04.8+esm3
                                  Available with Ubuntu Pro
  libarchive13                    3.1.2-11ubuntu0.16.04.8+esm3
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  bsdcpio                         3.1.2-7ubuntu2.8+esm5
                                  Available with Ubuntu Pro
  bsdtar                          3.1.2-7ubuntu2.8+esm5
                                  Available with Ubuntu Pro
  libarchive-dev                  3.1.2-7ubuntu2.8+esm5
                                  Available with Ubuntu Pro
  libarchive13                    3.1.2-7ubuntu2.8+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8292-1
  CVE-2026-4424, CVE-2026-4426, CVE-2026-5121

Package Information:
  https://launchpad.net/ubuntu/+source/libarchive/3.8.5-1ub...
  https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ub...
  https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ub...
  https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ub...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoPU5EACgkQcpJm3tlz
hgHutw//QvQiJrjwYXel1BXKXnEbKMA9nutAvc0lRqIQK0hM5aLohh7J/JZ4aBQu
v1Z8L8pDjC7+3WLYC+NZc511JMD/Dks2K+ALnmLRBn2f9CydOC41hcTxWJ+L+UP/
MkHM2+suQS6ZmQHUVGubOXB8mTJTQOSqT0EaE5hNNpbuGgokMHReqs/UqoOVYkSs
uJ5PCbEccwla52FYPkGV7NIHqzuESuFCTE4o4j+cwBLYBQFYZyPQNPSutIDMnqRC
HpDhhoEJuZ1bguRlaMMPBOA7r+WOgIGJ8RxXHUXc6uCPpFWn7hkhOODwBXcBnr1r
E/BDlJhg2cwCqxCL26H3FpbJlynHNPLTCGkVAPa1rXqZ7RekI+GVIqGgsbBhTTjB
0N/V7D3ESSAZTf0oF9zgBuB+KvdDvPkmLPiOUYaGBkDdmc+XXOJye7NhJ7oVDVnO
lnRnJOx3caovAsFn7KzoA/S6orVU9VYR1jGUNXK6Tma5SzAqjRH4Di4q0Ip45ftb
dO3a9qJbEh9uAMPrT5vCUVtVQwGqIL5YjKoAE3XQakBdSCECiV1F0ycB6cUf7QPm
0ZVSYM6pL0inSUDKtipyE5Ng3Jk2sdjJT65+X0I0MSUrdq6Makaw4J8vhk9MiKTV
DCu5EL2xmoD81HlU82OZl3mzfsPqQclPEO9F0a8ZG6acki29b1A=
=eSN7
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds