rpms/libarchive
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix for CVE-2026-4424

Browse Source 
Resolves: RHEL-157397
This commit is contained in:
Pavol Sloboda 2026-04-08 13:49:55 +02:00
parent 4db50385c3
commit 3a704b1764
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
0006-Fix-CVE-2026-4424.patch Normal file
View File

@ -0,0 +1,31 @@
# This patch originally consisted of 3 hunks on the upstream:
# https://github.com/libarchive/libarchive/pull/2898/changes/e1907c5832b6489c7b4198b0825f857c93a03c10
# https://github.com/libarchive/libarchive/pull/2898/changes/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375
# but only the first and third hunk needs to be backported since the
# logic fix the second hunk provides does not need to be added
# as the logic is still correct in the current version of libarchive (3.7.7)
# thus the vulnerability in the code does not yet exist
diff -Naur libarchive-3.7.7/libarchive/archive_read_support_format_rar.c libarchive-3.7.7_patched/libarchive/archive_read_support_format_rar.c
--- libarchive-3.7.7/libarchive/archive_read_support_format_rar.c 2024-10-13 10:11:23.000000000 +0200
+++ libarchive-3.7.7_patched/libarchive/archive_read_support_format_rar.c 2026-04-08 12:50:20.721234057 +0200
@@ -2503,7 +2503,8 @@
return (r);
}
- if (!rar->dictionary_size || !rar->lzss.window)
+ if (!rar->dictionary_size || !rar->lzss.window ||
+ (unsigned int)(rar->lzss.mask + 1) < rar->dictionary_size)
{
/* Seems as though dictionary sizes are not used. Even so, minimize
* memory usage as much as possible.
@@ -3266,6 +3267,10 @@
else
blocklength = prog ? prog->oldfilterlength : 0;
+ if (blocklength > rar->dictionary_size ||
+ blocklength > (uint32_t)(rar->lzss.mask + 1))
+ return 0;
+
registers[3] = PROGRAM_SYSTEM_GLOBAL_ADDRESS;
registers[4] = blocklength;
registers[5] = prog ? prog->usagecount : 0;

3
libarchive.spec
View File

@ -52,6 +52,9 @@ Patch0003: 0003-Fix-CVE-2025-25724.patch
Patch0004: 0004-rar-Fix-double-free-with-over-4-billion-nodes-2598.patch
# Source: https://github.com/mmatuska/libarchive/commit/ec19fcbd20b18bd3b0fdcf2b3fb97789cd1bf575
Patch0005: 0005-Infinite-loop-in-Rar5-decompression.patch
# Source: https://github.com/libarchive/libarchive/pull/2898/changes/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375
# and: https://github.com/libarchive/libarchive/pull/2898/changes/e1907c5832b6489c7b4198b0825f857c93a03c10
Patch0006: 0006-Fix-CVE-2026-4424.patch
%description
Libarchive is a programming library that can create and read several different