Ubuntu
Multiple CVEs Discovered in tar Affecting Ubuntu and Mageia Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Multiple vulnerabilities were identified in the tar utility, affecting Ubuntu 22.04 LTS and 24.04 LTS, as well as Mageia systems. These vulnerabilities allow attackers to craft malicious tar files that can lead to file overwriting or hidden file injection, bypassing pre-extraction inspection mechanisms. The vulnerabilities are tracked under CVE-2024-12905, CVE-2025-48387, and CVE-2025-59343 for Ubuntu, and CVE-2026-5704 for Mageia. The issues could allow remote attackers to write files outside the intended extraction directory or inject malicious content undetected. The vulnerabilities have been addressed in security updates released on June 2, 2026. Security professionals are urged to apply the patches immediately to mitigate potential exploitation.
Key Points: • Multiple vulnerabilities in tar affect Ubuntu and Mageia systems. • Attackers can exploit these flaws to overwrite files or inject hidden malicious files. • Patches for the vulnerabilities were released on June 2, 2026.