========================================================================== Ubuntu Security Notice USN-8292-1 May 21, 2026 libarchive vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in libarchive. Software Description: - libarchive: Library to read/write archive files Details: It was discovered that libarchive incorrectly handled certain RAR archives. An attacker could possibly use this issue to cause an out-of-bounds read via a crafted RAR archive, leading to sensitive memory disclosure. (CVE-2026-4424) It was discovered that libarchive incorrectly handled certain ISO files. An attacker could possibly use this issue to cause incorrect memory allocation via a crafted ISO file, leading to a denial of service. (CVE-2026-4426) It was discovered that libarchive incorrectly handled block pointer allocation in zisofs on 32-bit systems. An attacker could possibly use this issue to cause a heap buffer overflow via a crafted ISO9660 image, possibly leading to arbitrary code execution. (CVE-2026-5121) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libarchive-dev 3.8.5-1ubuntu2.1 libarchive-tools 3.8.5-1ubuntu2.1 libarchive13t64 3.8.5-1ubuntu2.1 Ubuntu 25.10 libarchive-dev 3.7.7-0ubuntu3.2 libarchive-tools 3.7.7-0ubuntu3.2 libarchive13t64 3.7.7-0ubuntu3.2 Ubuntu 24.04 LTS libarchive-dev 3.7.2-2ubuntu0.7 libarchive-tools 3.7.2-2ubuntu0.7 libarchive13t64 3.7.2-2ubuntu0.7 Ubuntu 22.04 LTS libarchive-dev 3.6.0-1ubuntu1.7 libarchive-tools 3.6.0-1ubuntu1.7 libarchive13 3.6.0-1ubuntu1.7 Ubuntu 20.04 LTS libarchive-dev 3.4.0-2ubuntu1.5+esm2 Available with Ubuntu Pro libarchive-tools 3.4.0-2ubuntu1.5+esm2 Available with Ubuntu Pro libarchive13 3.4.0-2ubuntu1.5+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS bsdcpio 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro bsdtar 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro libarchive-dev 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro libarchive-tools 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro libarchive13 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS bsdcpio 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro bsdtar 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro libarchive-dev 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro libarchive13 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS bsdcpio 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro bsdtar 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro libarchive-dev 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro libarchive13 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8292-1 CVE-2026-4424, CVE-2026-4426, CVE-2026-5121 Package Information: https://launchpad.net/ubuntu/+source/libarchive/3.8.5-1ubuntu2.1 https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ubuntu3.2 https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.7 https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.7
No comments:
Post a Comment