Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
210
security advisorylinuxautomationTARmageddon: async-tar Vulnerability Exposes Linux Archive Extraction Risks
A path traversal flaw in the Rust async-tar library has people looking harder at archive extraction security on Linux. Researchers are calling it TARmageddon, which fits. It’s not a kernel panic or a zero-day bomb, but it’s the kind of quiet bug that ends up everywhere — build servers, CI pipelines, container images. . The problem’s simple. async-tar doesn’t properly sanitize file paths when unpacking a tar file. A crafted .tar file can slip files outside the intended directory and overwrite system data. No one’s shown a clean remote code execution (RCE) path yet, but that doesn’t matter much if your build process just wrote an attacker’s file to /etc/cron.d. CVE-2025-62518 is the provisional tag floating around. Whether or not it sticks, the point stands — these small libraries sit deep in automation stacks, and one unsafe assumption can cascade across thousands of systems. This isn’t news to most admins. Linux archive security has always been more about habits than patches. But TARmageddon is a good reminder of how easy it is to trust an archive you shouldn’t. How the async-tar Vulnerability Works on Linux Here’s what’s known about how it happens and where it shows up. Vulnerability Overview The Rust async-tar library handles archive extraction asynchronously. That’s great for speed but less so for safety. When unpacking a tar file, it doesn’t fully sanitize directory paths. A malicious archive can slip entries like ../../etc/passwd into the stream, and the library will write them outside the target directory. It’s a classic path traversal vulnerability. In most tests, that means files get overwritten like configs, scripts, whatever the process has write access to. No confirmed Linux remote code execution yet, but overwrite is usually step one in the chain. The bug shows up in projects that call async-tar directly or through build tooling that depends on it. For the technically inclined, the library’s behavior is documented in the async-tar library documentation . Affected Components and Environments You’ll see exposure mainly in Rust-based tools and CI/CD jobs using async-tar or its forks like tokio-tar. Anything unpacking untrusted tar files— containers, build pipelines, or automated deployment tasks can be hit. Maintainers working with tokio-tar have already pushed a fix, outlined in the astral-tokio-tar security advisory . A safer alternative for new projects is tar-rs, which includes proper path sanitization by default. This isn’t the first time archive libraries have failed this way. A nearly identical bug appeared in npm’s tar-fs module, as noted in the Debian security update for node-tar-fs path traversal . Different language, same blind spot, assuming file paths can be trusted. Technical Reference There’s no officially assigned CVE yet. Some reports reference CVE-2025-62518, but that listing hasn’t been verified. The CVE-2025-62518 vulnerability details page summarizes what’s been discussed publicly so far. Researchers found the issue during static analysis of unmaintained Rust crates, a reminder that dependency drift is its own risk. Once a library drops maintenance, small bugs like this one can hide for years. Why Tar File Extraction Security Matters on Linux Every admin unpacks a tar file without a second thought. It’s part of the muscle memory of Linux work. But that routine is exactly where this kind of mistake hides. Archive Extraction Risks in Linux Systems Tar archives run everything under the hood — packaging, backups, container layers, you name it. When that system breaks, it’s not flashy. It’s quiet. A build fails—a config change. Something odd starts running where it shouldn’t. A bad archive doesn’t need fancy malware. If it overwrites a script or drops a new file into a live directory, it’s already won. One poisoned tar file in a CI cache can move through a fleet before anyone notices. That’s why this bug lands squarely in Linux supply chainsecurity. Every automated build that extracts archives inherits the trust model of the tool doing the unpacking. Most of the time, that means CI/CD security is assumed rather than verified. Path Traversal Exploits and Real-World Parallels We’ve seen this movie before. The Python tarfile bug, CVE-2007-4559, sat unnoticed for years while developers kept shipping vulnerable code. npm’s tar and tar-fs had similar holes. Even core tools like GNU tar have cracked — see the Ubuntu GNU tar denial-of-service vulnerability . The async-tar issue just keeps the trend going. Same pattern, different stack. It’s not that engineers don’t know better. It’s that archive handling feels like solved work — until a path traversal vulnerability shows it isn’t. These flaws all fall under a familiar bucket in the NVD vulnerability classification framework : improper input validation. The oldest bug there is trust. Broader Linux Security Implications Automation makes life easier and attacks faster. Build jobs, containers, and deployment scripts unpack archives nonstop, sometimes with root rights, sometimes without a second thought. A single untrusted archive in that flow can rewrite a config, poison a container image, or slip into production. It’s not a headline-worthy hack. It’s just lazy archive extraction, security meeting real-world consequences. That’s the uncomfortable part of Linux hardening — we’re often defending against ourselves. Mitigation and Response: Securing Tar Extraction on Linux If async-tar exposed one thing, it’s that archive handling still needs guardrails. Here’s what actually helps when closing path traversal vulnerabilities in day-to-day Linux work. 1. Replace Vulnerable Libraries If you’re using async-tar or tokio-tar, stop. Switch to tar-rs , which includes proper path sanitization and is still maintained. It’s a drop-in option for most Rust tools, but more importantly, it’s alive. Run dependency scans often. Old or abandoned cratesare how these bugs stay hidden for years. cargo-audit and RustSec checks catch most of them. 2. Avoid Root Extraction Don’t run tar commands as root unless you enjoy rebuilding servers. Run extraction through a limited service account or inside a container with tight file permissions. Even a small tar file can overwrite critical configs if it runs with full privileges. 3. Sandbox Archive Operations Isolation beats cleanup every time. Use systemd-run --user --pty to launch a temporary environment, or go further with bubblewrap . Point the writable directory somewhere safe — /tmp/build or /work — and keep everything else read-only. It takes an extra command, but it cuts off most sandbox escape routes before they start. 4. Validate Before Extraction Never trust what you haven’t looked at. List archive contents first: tar -tvf archive.tar tar -tvf archive.tar Then extract safely: tar --one-top-level --restrict -xf archive.tar tar --one-top-level --restrict -xf archive.tar Those flags limit where files land and prevent accidental writes outside the target directory. 5. Automate Checks in CI/CD Don’t rely on memory. Add scripts that flag unsafe tar usage or call out unmaintained dependencies. Verify every archive source — mirrors, third-party packages, automated downloads. Most CI/CD pipelines already parse manifests; add validation before unpacking anything. Follow vendor updates when they land, like the Fedora advisory for astral-tokio-tar fix (FEDORA-2025-5e50082948) . The safest Linux hardening stance treats every archive as untrusted. Combine sandboxing, path sanitization, and strict tar command flags. That alone blocks most remote code execution attempts born from sloppy archive extraction. It’s not elegant, but it works, and that’s what counts. Conclusion: Reinforcing Linux Archive Extraction Security If TARmageddon showed anything, it’s that even familiar tools can become attack surfaces when the basics are ignored.async-tar wasn’t malicious, just unguarded — and that’s often worse. A single unchecked path can undo every other layer of defense on a system that looks hardened from the outside. The real takeaway is simple: treat every .tar file as untrusted input. Most remote code execution stories don’t start with zero-days; they start with shortcuts — missing flags, root extractions, and unreviewed scripts. Mitigation isn’t just about patching or replacing a crate. It’s about verifying every tar command, automating checks, and keeping privileges narrow enough that one bad archive can’t reach anything that matters. Sandboxing and privilege separation still win over theoretical fixes every time. Admins and DevOps teams should take this moment to audit the quiet stuff — build jobs, cron tasks, Dockerfiles — anything that extracts or handles archives. Move those processes into safer lanes with bubblewrap or systemd-run , and assume that tomorrow’s package might not be clean. Long-term, this is about supply chain security. Verifying not just what code runs, but how it arrives. It’s a small shift in mindset, but it’s the one that keeps your environment boring — and boring, in security, is the goal. For reference, LinuxSecurity.com has tracked similar issues before, like the Python tarfile vulnerability affecting 350,000 projects . The patterns haven’t changed much — only the toolchains have. . Explore the TARmageddon vulnerability in async-tar impacting archive extraction on Linux with vital security tips.. async-tar security, Rust vulnerabilities, archive extraction security, path traversal exploits, container security. . MaK Ulac
Oct 24, 2025
•
Security Vulnerabilities
210
security advisoryexploitlinuxCISA: UnRAR Path Traversal Threat Exploitation Advisory on CVE-2022-30333
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. . Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. This means that an adversary could exploit the flaw to drop arbitrary files on a target system that has the utility installed simply by decompressing the file. The vulnerability was revealed by SonarSource researcher Simon Scannell in late June. The link for this article located at The Hacker News is no longer available. . CISA has warned about the continued exploitation of the UnRAR tool due to a path traversal vulnerability known as CVE-2022-30333. UnRAR Exploit, Path Traversal Threat, CISA Advisory, Linux Security Issue. . Brittany Day
Aug 11, 2022
•
Security Vulnerabilities
210
security advisoryremote code executionKDEKDE: ARK Tool Flaw Allows Hackers To Execute Code Remotely
A dangerous vulnerability has been discovered in the default Linux KDE extraction utility called ARK that allows malicious actors to overwrite files or execute code on victims' computers by tricking them into downloading an archive and extracting it. . KDE is a desktop environment found in Linux distributions such as OpenSUSE, Kali, KUbuntu, and others that offers a graphical user interface to the operating system. Discovered by security researcher Dominik Penner of Hackers for Change, a path traversal vulnerability has been found in the default ARK archive utility that allows malicious actors to perform remote code execution by distributing malicious archives. . A security flaw in the KDE ARK application permits malicious code execution; discover strategies to safeguard yourself from this risk.. KDE, ARK Vulnerability, Linux Extraction Tool, Remote Code Execution, Path Traversal. . Brittany Day
Jul 31, 2020
•
Security Vulnerabilities
79
denial of servicecode executioncross-site scriptingGoogle Jarlsberg Server: Learn Cross-Site Scripting and Exploit Methods
Google's online tutorial for web developers includes a server which demonstrates typical vulnerabilities for them to virtually exploit. The tutorial consists of two elements: an intentionally unsafe mini-blog web application . The Google Code University's guide includes sections on cross-site scripting, path traversal, code execution and denial of service. It then challenges the student to exploit the various vulnerabilities on the Jarlsberg server, providing some hints along the way. For those who do not discover the solutions, each section ends with answers and a suggestions on how the student might improve their technique. The link for this article located at H Security is no longer available. . Uncover flaws within the Google Code University’s web development guide, addressing issues like cross-site scripting and additional security concerns.. Google Vulnerability Guide, Web Development Security, Exploit Techniques. . LinuxSecurity.com Team
May 06, 2010
•
Security Projects
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More