Ubuntu USN · USN-8477-1

tar vulnerability

Published: Thu, 25 Jun 2026 20:57

CVE-2026-5704

Summary

tar could be made to overwrite files if it opened a specially crafted archive.

Details

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms.

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu bionic

tar→1.29b-2ubuntu0.4+esm2apt_upgrade
Standard apt upgrade. Install 1.29b-2ubuntu0.4+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar→1.29b-2ubuntu0.4+esm2apt_upgrade
Standard apt upgrade. Install 1.29b-2ubuntu0.4+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar-scripts→1.29b-2ubuntu0.4+esm2apt_upgrade
Standard apt upgrade. Install 1.29b-2ubuntu0.4+esm2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar-scripts
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu focal

tar→1.30+dfsg-7ubuntu0.20.04.4+esm1apt_upgrade
Standard apt upgrade. Install 1.30+dfsg-7ubuntu0.20.04.4+esm1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar→1.30+dfsg-7ubuntu0.20.04.4+esm1apt_upgrade
Standard apt upgrade. Install 1.30+dfsg-7ubuntu0.20.04.4+esm1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar-scripts→1.30+dfsg-7ubuntu0.20.04.4+esm1apt_upgrade
Standard apt upgrade. Install 1.30+dfsg-7ubuntu0.20.04.4+esm1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar-scripts
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu jammy

tar→1.34+dfsg-1ubuntu0.1.22.04.3apt_upgrade
Standard apt upgrade. Install 1.34+dfsg-1ubuntu0.1.22.04.3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar→1.34+dfsg-1ubuntu0.1.22.04.3apt_upgrade
Standard apt upgrade. Install 1.34+dfsg-1ubuntu0.1.22.04.3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar-scripts→1.34+dfsg-1ubuntu0.1.22.04.3apt_upgrade
Standard apt upgrade. Install 1.34+dfsg-1ubuntu0.1.22.04.3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar-scripts
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

tar→1.35+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 1.35+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar→1.35+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 1.35+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar-scripts→1.35+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 1.35+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar-scripts
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

tar→1.35+dfsg-4ubuntu0.1apt_upgrade
Standard apt upgrade. Install 1.35+dfsg-4ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar→1.35+dfsg-4ubuntu0.1apt_upgrade
Standard apt upgrade. Install 1.35+dfsg-4ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar-scripts→1.35+dfsg-4ubuntu0.1apt_upgrade
Standard apt upgrade. Install 1.35+dfsg-4ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar-scripts
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu trusty

tar→1.27.1-1ubuntu0.1+esm5apt_upgrade
Standard apt upgrade. Install 1.27.1-1ubuntu0.1+esm5 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar→1.27.1-1ubuntu0.1+esm5apt_upgrade
Standard apt upgrade. Install 1.27.1-1ubuntu0.1+esm5 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar-scripts→1.27.1-1ubuntu0.1+esm5apt_upgrade
Standard apt upgrade. Install 1.27.1-1ubuntu0.1+esm5 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar-scripts
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu xenial

tar→1.28-2.1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 1.28-2.1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar→1.28-2.1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 1.28-2.1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
tar-scripts→1.28-2.1ubuntu0.2+esm4apt_upgrade
Standard apt upgrade. Install 1.28-2.1ubuntu0.2+esm4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y tar-scripts
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8477-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8477-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.

Start free trial →See StackPatch →Live audit log →