Advisories » MGASA-2026-0168

Updated tar packages fix security vulnerability

Publication date: 02 Jun 2026
Modification date: 02 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5704

Description

A flaw was found in tar. A remote attacker could exploit this
vulnerability by crafting a malicious archive, leading to hidden file
injection with fully attacker-controlled content. This bypasses
pre-extraction inspection mechanisms, potentially allowing an attacker
to introduce malicious files onto a system without detection.
This update fixes the reported issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35350
• https://bugzilla.redhat.com/show_bug.cgi?id=2455360
• https://www.openwall.com/lists/oss-security/2026/04/11/10
• https://lists.gnu.org/archive/html/bug-tar/2026-03/msg00007.html
• https://www.cve.org/CVERecord?id=CVE-2026-5704

SRPMS

9/core

• tar-1.35-4.mga9