10 matches found
OPENSUSE-SU-2026:10743-1 tar-1.35-7.1 on GA media
These are all security issues fixed in the tar-1.35-7.1 package on the GA media of openSUSE Tumbleweed...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload. An attacker can introduce unauthorized files with arbitrary content by providing a specially crafted archive that bypasses pre-extraction inspection mechanisms. Workaround: This vulnerability can be mitigated by...
org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-29786 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)
org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-29786 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15416076...
EUVD-2021-1849
Malware in sbrugna...
PT-2023-27111 · Gnu +5 · Gnu Tar +5
Name of the Vulnerable Software and Affected Versions: GNU tar versions prior to 1.35 Description: The issue arises from mishandled extension attributes in a PAX archive, which can cause an application crash in xheader.c. Recommendations: For GNU tar versions prior to 1.35, update to version 1.35...
tar: heap buffer overflow at from_header() in list.c via specially crafted checksum
A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. An attacker could possibly use this issue to expose sensitive information or cause a crash...
SUSE-SU-2019:14215-1 Security update for tar
This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes jscECO-339 Sparse files with large data No backticks in quoting --owner and --group names and numbers Support for POSIX ACLs, extended attributes and SELinux context. Passing command line argumen...
A vulnerability in the CentOS operating system that allows an attacker to compromise the confidentiality, integrity, and availability of protected information
The vulnerability of the tar-1.13.25 package of the CentOS operating system can lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of this vulnerability can be carried out remotely...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
The tar-1.15.1 package of the Red Hat Enterprise Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities exist in the tar-1.14 package of the Red Hat Enterprise Linux operating system. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...