Malicious files can be injected into tar archives
MGASA-2026-0168
Summary
A security update fixes a vulnerability in tar that lets an attacker craft a malicious archive containing hidden files with attacker-controlled content. Because these files bypass pre-extraction inspection, they could be introduced onto your system without detection. Update to the latest version of tar to fix this issue.
What to do
- Update tar to version 1.35-4.mga9.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Mageia:9 | – | tar | < 1.35-4.mga9 (fix: upgrade to 1.35-4.mga9) |
Original title
Updated tar packages fix security vulnerability
Original description
A flaw was found in tar. A remote attacker could exploit this
vulnerability by crafting a malicious archive, leading to hidden file
injection with fully attacker-controlled content. This bypasses
pre-extraction inspection mechanisms, potentially allowing an attacker
to introduce malicious files onto a system without detection.
This update fixes the reported issue.
- https://advisories.mageia.org/MGASA-2026-0168.html Vendor Advisory
- https://bugs.mageia.org/show_bug.cgi?id=35350 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2455360 Third Party Advisory
- https://www.openwall.com/lists/oss-security/2026/04/11/10 URL
- https://lists.gnu.org/archive/html/bug-tar/2026-03/msg00007.html URL
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026