|
|
Log in / Subscribe / Register

Mageia alert MGASA-2026-0168 (tar)



From:
              Mageia Updates <updates-announce@ml.mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2026-0168: Updated tar packages fix security vulnerability


Date:
              Tue, 02 Jun 2026 07:23:45 +0200


Message-ID:
              <20260602052345.8E4749FCA8@duvel.mageia.org>


Archive-link:
              Article


MGASA-2026-0168 - Updated tar packages fix security vulnerability

Publication date: 02 Jun 2026
URL: https://advisories.mageia.org/MGASA-2026-0168.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-5704

Description:
A flaw was found in tar. A remote attacker could exploit this
vulnerability by crafting a malicious archive, leading to hidden file
injection with fully attacker-controlled content. This bypasses
pre-extraction inspection mechanisms, potentially allowing an attacker
to introduce malicious files onto a system without detection.
This update fixes the reported issue.

References:
- https://bugs.mageia.org/show_bug.cgi?id=35350
- https://bugzilla.redhat.com/show_bug.cgi?id=2455360
- https://www.openwall.com/lists/oss-security/2026/04/11/10
- https://lists.gnu.org/archive/html/bug-tar/2026-03/msg000...
- https://www.cve.org/CVERecord?id=CVE-2026-5704

SRPMS:
- 9/core/tar-1.35-4.mga9
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds