Amazon Linux 2023 : perl-Archive-Tar, perl-Archive-Tar-tests (ALAS2023-2026-1805)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1805 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink witho...

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

CVE-2026-42497

A flaw was found in perl-Archive-Tar. This vulnerability allows an attacker to craft a malicious tar archive that, when extracted, can create hardlinks to arbitrary files outside the intended extraction directory. This could lead to the modification of sensitive files on the system, potentially...

CVE-2026-42496

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

UBUNTU-CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

UBUNTU-CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

MiracleLinux 7 : perl-Archive-Tar-1.92-3.el7 (AXSA:2019-4250:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4250:01 advisory. perl: Directory traversal in Archive::Tar CVE-2018-12015 Tenable has extracted the preceding description block directly from the MiracleLinux security...

Oracle Linux 7 : perl-Archive-Tar (ELSA-2019-2097)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-2097 advisory. 1.92-3 - CVE-2018-12015 - Directory traversal in Archive::Tar bug 1592803 Tenable has extracted the preceding description block directly from the Oracle Linux...

new packages: perl-Archive-Tar

An update is available for perl-Archive-Tar. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

EulerOS Virtualization for ARM 64 3.0.6.0 : perl-Archive-Tar (EulerOS-SA-2020-1998)

According to the version of the perl-Archive-Tar package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives...

Huawei EulerOS: Security Advisory for perl-Archive-Tar (EulerOS-SA-2020-1998)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary File Write

perl-archive-tar is vulnerable to arbitrary file write. The vulnerability exists as multiple directory traversal flaws were discovered in the Archive::Tar module. A specially-crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an arbitrar...

Huawei EulerOS: Security Advisory for perl-Archive-Tar (EulerOS-SA-2019-2181)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for perl-Archive-Tar (EulerOS-SA-2019-2415)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.05 / MAIN 5.05 : perl-Archive-Tar Vulnerability (NS-SA-2019-0230)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has perl-Archive-Tar packages installed that are affected by a vulnerability: - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitra...

EulerOS 2.0 SP2 : perl-Archive-Tar (EulerOS-SA-2019-2415)

According to the version of the perl-Archive-Tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrit...

EulerOS 2.0 SP5 : perl-Archive-Tar (EulerOS-SA-2019-2181)

According to the version of the perl-Archive-Tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling whi...