Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

Amazon Linux 2023 : perl-Archive-Tar, perl-Archive-Tar-tests (ALAS2023-2026-1805)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1805 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink witho...

CVE-2026-42497

A flaw was found in perl-Archive-Tar. This vulnerability allows an attacker to craft a malicious tar archive that, when extracted, can create hardlinks to arbitrary files outside the intended extraction directory. This could lead to the modification of sensitive files on the system, potentially...

CVE-2026-42496

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

UBUNTU-CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

UBUNTU-CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

MiracleLinux 7 : perl-Archive-Tar-1.92-3.el7 (AXSA:2019-4250:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4250:01 advisory. perl: Directory traversal in Archive::Tar CVE-2018-12015 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CLSA-2025-1758822697 perl-CPAN: Fix of 2 CVEs

CVE-2023-31484: verify TLS certificates when downloading distributions over HTTPS - CVE-2020-16156: fix Signature Verification Bypass...

[SECURITY] Fedora 41 Update: perl-PAR-Packer-1.063-6.fc41

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.064-2.fc42

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

Linux Distros Unpatched Vulnerability : CVE-2018-10860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while...

OPENSUSE-SU-2024:10523-1 perl-Archive-Extract-0.78-1.1 on GA media

These are all security issues fixed in the perl-Archive-Extract-0.78-1.1 package on the GA media of openSUSE Tumbleweed...

RHEL 6 : perl-archive-zip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - perl-Archive-Zip: Directory traversal in Archive::Zip CVE-2018-10860 Note that Nessus has not tested for this issue...

RHEL 7 : perl-archive-zip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - perl-Archive-Zip: Directory traversal in Archive::Zip CVE-2018-10860 Note that Nessus has not tested for this issue...

RHEL 5 : perl-archive-zip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - perl-Archive-Zip: Directory traversal in Archive::Zip CVE-2018-10860 Note that Nessus has not tested for this issue...

Oracle Linux 7 : perl-Archive-Tar (ELSA-2019-2097)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-2097 advisory. 1.92-3 - CVE-2018-12015 - Directory traversal in Archive::Tar bug 1592803 Tenable has extracted the preceding description block directly from the Oracle Linux...

SUSE CVE-2018-10860

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary...

SUSE CVE-2020-16155

The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data...