USN-8477-2: tar regression

Publication date

16 July 2026

Overview

USN-8477-1 introduced a regression in tar


Packages

  • tar - GNU tar archive utility

Details

USN-8477-1 fixed a vulnerability in tar. The update introduced a regression
that could cause tar to fail to extract certain valid files.
This update fixes the problem.

Original advisory details:

It was discovered that tar incorrectly handled certain crafted archive files.
An attacker could possibly use this to inject hidden files with
attacker-controlled content, bypassing pre-extraction inspection mechanisms.

USN-8477-1 fixed a vulnerability in tar. The update introduced a regression
that could cause tar to fail to extract certain valid files.
This update fixes the problem.

Original advisory details:

It was discovered that tar incorrectly handled certain crafted archive files.
An attacker could possibly use this to inject hidden files with
attacker-controlled content, bypassing pre-extraction inspection mechanisms.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
26.04 LTS resolute tar –  1.35+dfsg-4ubuntu0.3
24.04 LTS noble tar –  1.35+dfsg-3ubuntu0.3
22.04 LTS jammy tar –  1.34+dfsg-1ubuntu0.1.22.04.5
20.04 LTS focal tar –  1.30+dfsg-7ubuntu0.20.04.4+esm2  
18.04 LTS bionic tar –  1.29b-2ubuntu0.4+esm3  
16.04 LTS xenial tar –  1.28-2.1ubuntu0.2+esm5  
14.04 LTS trusty tar –  1.27.1-1ubuntu0.1+esm6  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›