RLSA-2026:30857

Source
https://errata.rockylinux.org/RLSA-2026:30857
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:30857.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2026:30857
Upstream
  • CVE-2026-42496
Published
2026-07-05T12:05:09.130757Z
Modified
2026-07-05T12:30:05.949386892Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Important: perl-Archive-Tar security update
Details

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.

Security Fix(es):

  • perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access (CVE-2026-42496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:10 / perl-Archive-Tar

Package

Name
perl-Archive-Tar
Purl
pkg:rpm/rocky-linux/perl-Archive-Tar?distro=rocky-linux-10-aarch64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.02-512.el10_2.1
Database specific
{
    "yum_repository": "AppStream"
}

Database specific

source
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:30857.json"