Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

Updated tar packages fix security vulnerability

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

SUSE-SU-2026:21880-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...

RLSA-2026:18480 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

RockyLinux 9 : linux-sgx (RLSA-2026:18868)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18868 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.32 security and extras update

Red Hat OpenShift Container Platform release 4.19.32 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...

Linux Distros Unpatched Vulnerability : CVE-2026-42497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar...

EUVD-2026-31777

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

archive-tar-new 安全漏洞

archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...

Linux Distros Unpatched Vulnerability : CVE-2026-9538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload wi...

Astra Linux - уязвимость в tar

A flaw was discovered in the src/list.c file of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The greatest threat posed by this vulnerability is to system availability...

Astra Linux - уязвимость в tar

GNU Tar version 1.34 has a one-byte out-of-bounds read operation, which allows for the use of uninitialized memory during a conditional jump. Exploitation to alter the control flow has not been demonstrated. The issue occurs in the fromheader section of the list.c file, due to a V7 archive where...

Astra Linux - уязвимость в tar

In GNU tar before version 1.35, mishandling of extension attributes in a PAX archive can cause the application to crash in xheader.c...

Astra Linux - уязвимость в node-tar

The npm package “tar” also known as node-tar in versions prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has a vulnerability related to arbitrary file creation/overwriting, due to insufficient symlink protection. node-tar aims to ensure that any file whose location would be modified by a symbolic link i...

Astra Linux - уязвимость в node-tar

The npm package “tar” also known as node-tar in versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent the extraction of absolute file paths by converting absolute paths into relative...

node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink...

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

ALSA-2026:18480 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

Unity Linux 20.1060e / 20.1070e Security Update: tar (UTSA-2026-017517)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017517 advisory. A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption...