An update for libarchive is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1641 Final 1.0 1.0 2026-03-20 Initial 2026-03-20 2026-03-20 openEuler SA Tool V1.0 2026-03-20 libarchive security update An update for libarchive is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2 is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security Fix(es): A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.(CVE-2026-4111) An update for libarchive is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libarchive https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1641 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 libarchive-3.7.1-10.oe2403sp3.src.rpm libarchive-3.4.3-13.oe2003sp4.src.rpm libarchive-3.5.2-12.oe2203sp4.src.rpm libarchive-3.7.1-10.oe2403.src.rpm libarchive-3.7.1-10.oe2403sp1.src.rpm libarchive-3.7.1-10.oe2403sp2.src.rpm libarchive-help-3.7.1-10.oe2403sp3.noarch.rpm libarchive-help-3.4.3-13.oe2003sp4.noarch.rpm libarchive-help-3.5.2-12.oe2203sp4.noarch.rpm libarchive-help-3.7.1-10.oe2403.noarch.rpm libarchive-help-3.7.1-10.oe2403sp1.noarch.rpm libarchive-help-3.7.1-10.oe2403sp2.noarch.rpm bsdcat-3.7.1-10.oe2403sp3.aarch64.rpm bsdcpio-3.7.1-10.oe2403sp3.aarch64.rpm bsdtar-3.7.1-10.oe2403sp3.aarch64.rpm bsdunzip-3.7.1-10.oe2403sp3.aarch64.rpm libarchive-3.7.1-10.oe2403sp3.aarch64.rpm libarchive-debuginfo-3.7.1-10.oe2403sp3.aarch64.rpm libarchive-debugsource-3.7.1-10.oe2403sp3.aarch64.rpm libarchive-devel-3.7.1-10.oe2403sp3.aarch64.rpm libarchive-3.4.3-13.oe2003sp4.aarch64.rpm libarchive-debuginfo-3.4.3-13.oe2003sp4.aarch64.rpm libarchive-debugsource-3.4.3-13.oe2003sp4.aarch64.rpm libarchive-devel-3.4.3-13.oe2003sp4.aarch64.rpm bsdcat-3.5.2-12.oe2203sp4.aarch64.rpm bsdcpio-3.5.2-12.oe2203sp4.aarch64.rpm bsdtar-3.5.2-12.oe2203sp4.aarch64.rpm libarchive-3.5.2-12.oe2203sp4.aarch64.rpm libarchive-debuginfo-3.5.2-12.oe2203sp4.aarch64.rpm libarchive-debugsource-3.5.2-12.oe2203sp4.aarch64.rpm libarchive-devel-3.5.2-12.oe2203sp4.aarch64.rpm bsdcat-3.7.1-10.oe2403.aarch64.rpm bsdcpio-3.7.1-10.oe2403.aarch64.rpm bsdtar-3.7.1-10.oe2403.aarch64.rpm bsdunzip-3.7.1-10.oe2403.aarch64.rpm libarchive-3.7.1-10.oe2403.aarch64.rpm libarchive-debuginfo-3.7.1-10.oe2403.aarch64.rpm libarchive-debugsource-3.7.1-10.oe2403.aarch64.rpm libarchive-devel-3.7.1-10.oe2403.aarch64.rpm bsdcat-3.7.1-10.oe2403sp1.aarch64.rpm bsdcpio-3.7.1-10.oe2403sp1.aarch64.rpm bsdtar-3.7.1-10.oe2403sp1.aarch64.rpm bsdunzip-3.7.1-10.oe2403sp1.aarch64.rpm libarchive-3.7.1-10.oe2403sp1.aarch64.rpm libarchive-debuginfo-3.7.1-10.oe2403sp1.aarch64.rpm libarchive-debugsource-3.7.1-10.oe2403sp1.aarch64.rpm libarchive-devel-3.7.1-10.oe2403sp1.aarch64.rpm bsdcat-3.7.1-10.oe2403sp2.aarch64.rpm bsdcpio-3.7.1-10.oe2403sp2.aarch64.rpm bsdtar-3.7.1-10.oe2403sp2.aarch64.rpm bsdunzip-3.7.1-10.oe2403sp2.aarch64.rpm libarchive-3.7.1-10.oe2403sp2.aarch64.rpm libarchive-debuginfo-3.7.1-10.oe2403sp2.aarch64.rpm libarchive-debugsource-3.7.1-10.oe2403sp2.aarch64.rpm libarchive-devel-3.7.1-10.oe2403sp2.aarch64.rpm bsdcat-3.7.1-10.oe2403sp3.x86_64.rpm bsdcpio-3.7.1-10.oe2403sp3.x86_64.rpm bsdtar-3.7.1-10.oe2403sp3.x86_64.rpm bsdunzip-3.7.1-10.oe2403sp3.x86_64.rpm libarchive-3.7.1-10.oe2403sp3.x86_64.rpm libarchive-debuginfo-3.7.1-10.oe2403sp3.x86_64.rpm libarchive-debugsource-3.7.1-10.oe2403sp3.x86_64.rpm libarchive-devel-3.7.1-10.oe2403sp3.x86_64.rpm libarchive-3.4.3-13.oe2003sp4.x86_64.rpm libarchive-debuginfo-3.4.3-13.oe2003sp4.x86_64.rpm libarchive-debugsource-3.4.3-13.oe2003sp4.x86_64.rpm libarchive-devel-3.4.3-13.oe2003sp4.x86_64.rpm bsdcat-3.5.2-12.oe2203sp4.x86_64.rpm bsdcpio-3.5.2-12.oe2203sp4.x86_64.rpm bsdtar-3.5.2-12.oe2203sp4.x86_64.rpm libarchive-3.5.2-12.oe2203sp4.x86_64.rpm libarchive-debuginfo-3.5.2-12.oe2203sp4.x86_64.rpm libarchive-debugsource-3.5.2-12.oe2203sp4.x86_64.rpm libarchive-devel-3.5.2-12.oe2203sp4.x86_64.rpm bsdcat-3.7.1-10.oe2403.x86_64.rpm bsdcpio-3.7.1-10.oe2403.x86_64.rpm bsdtar-3.7.1-10.oe2403.x86_64.rpm bsdunzip-3.7.1-10.oe2403.x86_64.rpm libarchive-3.7.1-10.oe2403.x86_64.rpm libarchive-debuginfo-3.7.1-10.oe2403.x86_64.rpm libarchive-debugsource-3.7.1-10.oe2403.x86_64.rpm libarchive-devel-3.7.1-10.oe2403.x86_64.rpm bsdcat-3.7.1-10.oe2403sp1.x86_64.rpm bsdcpio-3.7.1-10.oe2403sp1.x86_64.rpm bsdtar-3.7.1-10.oe2403sp1.x86_64.rpm bsdunzip-3.7.1-10.oe2403sp1.x86_64.rpm libarchive-3.7.1-10.oe2403sp1.x86_64.rpm libarchive-debuginfo-3.7.1-10.oe2403sp1.x86_64.rpm libarchive-debugsource-3.7.1-10.oe2403sp1.x86_64.rpm libarchive-devel-3.7.1-10.oe2403sp1.x86_64.rpm bsdcat-3.7.1-10.oe2403sp2.x86_64.rpm bsdcpio-3.7.1-10.oe2403sp2.x86_64.rpm bsdtar-3.7.1-10.oe2403sp2.x86_64.rpm bsdunzip-3.7.1-10.oe2403sp2.x86_64.rpm libarchive-3.7.1-10.oe2403sp2.x86_64.rpm libarchive-debuginfo-3.7.1-10.oe2403sp2.x86_64.rpm libarchive-debugsource-3.7.1-10.oe2403sp2.x86_64.rpm libarchive-devel-3.7.1-10.oe2403sp2.x86_64.rpm A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives. 2026-03-20 CVE-2026-4111 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H libarchive security update 2026-03-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1641