Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Fedora 44 libarchive Faces Serious DoS Vulnerability CVE-2026-4111

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
CVE-2026-4111 affects libarchive in Fedora 44 causing potential DoS due to infinite loop. Update immediately.
CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

Summary

Libarchive is a programming library that can create and read several different

streaming archive formats, including most popular tar variants, several cpio

formats, and both BSD and GNU ar variants. It can also write shar archives and

read ISO9660 CDROM images and ZIP archives.

Update Information:

CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

Change Log

* Tue Mar 10 2026 Packit - 3.8.6-1 - Update to version 3.8.6 - Resolves: rhbz#2427134

References


[ 1 ] Bug #2448049 - CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2448049

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b42b8b1c00' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libarchive
Product: Fedora 44
Version: 3.8.6
Release: 1.fc44
Summary: A library for handling streaming archive formats

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.