{"schema_version": "1.7.0", "id": "RLSA-2026:30857", "modified": "2026-07-05T12:06:42.446724Z", "published": "2026-07-05T12:05:09.130757Z", "upstream": ["CVE-2026-42496"], "summary": "Important: perl-Archive-Tar security update", "details": "Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.\n\nSecurity Fix(es):\n\n* perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access (CVE-2026-42496)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:10", "name": "perl-Archive-Tar", "purl": "pkg:rpm/rocky-linux/perl-Archive-Tar?distro=rocky-linux-10-aarch64&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.02-512.el10_2.1"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:30857"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481314"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}