Security update.

Publication date: 24 Jun 2026
URL: https://advisories.mageia.org/MGASA-2026-0230.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-42496, CVE-2026-42497, CVE-2026-9538

Description:
The updated package fixes security vulnerabilities:

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. (CVE-2026-42496)

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. (CVE-2026-42497)

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. (CVE-2026-9538)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35587
- https://www.openwall.com/lists/oss-security/2026/05/26/2
- https://www.openwall.com/lists/oss-security/2026/05/26/3
- https://www.openwall.com/lists/oss-security/2026/05/26/4
- https://www.cve.org/CVERecord?id=CVE-2026-42496
- https://www.cve.org/CVERecord?id=CVE-2026-42497
- https://www.cve.org/CVERecord?id=CVE-2026-9538

SRPMS:
- 9/core/perl-Archive-Tar-2.380.0-2.1.mga9

Critical security update for Mageia addresses multiple vulnerabilities in Archive::Tar impacting versions prior to 3.10.

Severity: Critical.
LinuxSecurity.com Team
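
Added example (not part of the advisory and not Archive::Tar code): a pre-extraction audit that reads raw tar headers and flags the three conditions described above, namely symlink targets and hardlink paths that leave the extraction directory and a size field larger than the archive can hold. The function names, the 1 GiB cap and the sample archive are assumptions constructed for illustration.

```python
import posixpath
import tarfile  # used only to build the constructed sample headers
BLOCK = 512
MAX_ENTRY = 1 << 30  # assumed policy cap (1 GiB); not a value from the advisory

def text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_size(raw):
    if raw[0] & 0x80:  # GNU base-256 encoding for very large sizes
        return int.from_bytes(raw[1:], "big")
    digits = raw.strip(b" \0")
    return int(digits, 8) if digits else 0

def escapes(base_dir, target):  # absolute, or climbs above the extraction root
    if target.startswith("/"):
        return True
    path = posixpath.normpath(posixpath.join(base_dir, target))
    return path == ".." or path.startswith("../")

def audit(data, max_entry=MAX_ENTRY):  # returns (member, finding) pairs, extracts nothing
    findings, off = [], 0
    while off + BLOCK <= len(data):
        h = data[off:off + BLOCK]
        if h == bytes(BLOCK):  # end-of-archive marker
            break
        name, link, kind = text(h[0:100]), text(h[157:257]), h[156:157]
        if h[257:263] == b"ustar\0" and text(h[345:500]):  # POSIX prefix field
            name = text(h[345:500]) + "/" + name
        size, off = parse_size(h[124:136]), off + BLOCK
        # Symlink targets resolve from the member's directory, hardlinks from the root.
        if kind == b"2" and escapes(posixpath.dirname(name), link):
            findings.append((name, "symlink-escape"))
        if kind == b"1" and escapes("", link):
            findings.append((name, "hardlink-escape"))
        if size > max_entry or size > len(data) - off:  # oversized or beyond the file
            findings.append((name, "size-field"))
            break  # offsets past a bad size cannot be trusted
        off += -(-size // BLOCK) * BLOCK  # skip data, padded to a full block
    return findings

def hdr(name, kind=tarfile.REGTYPE, link="", size=0):
    ti = tarfile.TarInfo(name)
    ti.type, ti.linkname, ti.size = kind, link, size
    return ti.tobuf(format=tarfile.USTAR_FORMAT)
# Constructed sample archive: one benign file and link, then one entry per CVE class.
SAMPLE = (hdr("docs/readme.txt", size=5) + b"hello".ljust(BLOCK, b"\0")
          + hdr("docs/ok", tarfile.SYMTYPE, "readme.txt")
          + hdr("docs/sym", tarfile.SYMTYPE, "../../outside/target")
          + hdr("hard", tarfile.LNKTYPE, "/outside/target")
          + hdr("big.bin", size=4 << 30) + bytes(2 * BLOCK))
```

Because the audit never hands the archive to Archive::Tar, it can run on hosts that have not yet received the updated package.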