perl-Archive-Tar-2.30-2.el8_10

エラータID: AXSA:2026-1104:01

Release date: 
Tuesday, June 30, 2026 - 17:38
Subject: 
perl-Archive-Tar-2.30-2.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.

Security Fix(es):

* perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access (CVE-2026-42496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-42496
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. perl-Archive-Tar-2.30-2.el8_10.src.rpm
    MD5: eb0d87d6f7d24befb4fcd82656f4c52a
    SHA-256: 51a4fc168e640ed649719b0b02892c61ff2566faeb0b11d0e62853fba19fb001
    Size: 82.33 kB

Asianux Server 8 for x86_64
  1. perl-Archive-Tar-2.30-2.el8_10.noarch.rpm
    MD5: eb6a3b54914b42b1ebb48f15efc653c8
    SHA-256: 2f5c2621bbcc0e7e3f0d8414590d1526f562d66997b7d729d77217d7dd86c8e8
    Size: 78.39 kB