perl-Archive-Tar-2.30-2.el8_10
エラータID: AXSA:2026-1104:01
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.
Security Fix(es):
* perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access (CVE-2026-42496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-42496
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.
Update packages.
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.
N/A
SRPMS
- perl-Archive-Tar-2.30-2.el8_10.src.rpm
MD5: eb0d87d6f7d24befb4fcd82656f4c52a
SHA-256: 51a4fc168e640ed649719b0b02892c61ff2566faeb0b11d0e62853fba19fb001
Size: 82.33 kB
Asianux Server 8 for x86_64
- perl-Archive-Tar-2.30-2.el8_10.noarch.rpm
MD5: eb6a3b54914b42b1ebb48f15efc653c8
SHA-256: 2f5c2621bbcc0e7e3f0d8414590d1526f562d66997b7d729d77217d7dd86c8e8
Size: 78.39 kB