An update for perl-Archive-Tar is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2678 Final 1.0 1.0 2026-06-12 Initial 2026-06-12 2026-06-12 openEuler SA Tool V1.0 2026-06-12 perl-Archive-Tar security update An update for perl-Archive-Tar is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4 archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files. Security Fix(es): Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.(CVE-2026-42496) An update for perl-Archive-Tar is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical perl-Archive-Tar https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2678 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42496 https://nvd.nist.gov/vuln/detail/CVE-2026-42496 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 perl-Archive-Tar-3.02-3.oe2403sp1.src.rpm perl-Archive-Tar-3.02-3.oe2403sp3.src.rpm perl-Archive-Tar-2.38-2.oe2003sp4.src.rpm perl-Archive-Tar-2.40-4.oe2203sp4.src.rpm perl-Archive-Tar-3.02-3.oe2403sp1.noarch.rpm perl-Archive-Tar-help-3.02-3.oe2403sp1.noarch.rpm perl-Archive-Tar-3.02-3.oe2403sp3.noarch.rpm perl-Archive-Tar-help-3.02-3.oe2403sp3.noarch.rpm perl-Archive-Tar-2.38-2.oe2003sp4.noarch.rpm perl-Archive-Tar-help-2.38-2.oe2003sp4.noarch.rpm perl-Archive-Tar-2.40-4.oe2203sp4.noarch.rpm perl-Archive-Tar-help-2.40-4.oe2203sp4.noarch.rpm Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path. 2026-06-12 CVE-2026-42496 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N perl-Archive-Tar security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2678