{"id":"MGASA-2026-0168","summary":"Updated tar packages fix security vulnerability","details":"A flaw was found in tar. A remote attacker could exploit this\nvulnerability by crafting a malicious archive, leading to hidden file\ninjection with fully attacker-controlled content. This bypasses\npre-extraction inspection mechanisms, potentially allowing an attacker\nto introduce malicious files onto a system without detection.\nThis update fixes the reported issue.\n","modified":"2026-06-02T05:30:04.713002208Z","published":"2026-06-02T05:23:04Z","upstream":["CVE-2026-5704"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0168.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35350"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455360"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/11/10"},{"type":"WEB","url":"https://lists.gnu.org/archive/html/bug-tar/2026-03/msg00007.html"}],"affected":[{"package":{"name":"tar","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/tar?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.35-4.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0168.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}