Red Hat Product Errata RHSA-2026:0434 - Security Advisory
Issued:
2026-01-12
Updated:
2026-01-12

RHSA-2026:0434 - Security Advisory

Synopsis

Moderate: tar security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tar is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GNU tar program can save multiple files in an archive and restore files from an archive.

Security Fix(es):

  • tar: Tar path traversal (CVE-2025-45582)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
x86_64
tar-1.34-6.el9_4.3.x86_64.rpm SHA-256: 6aac176e75d7ac9a6d5853367a6e399d172a8b51ac9d25739c0e3b69e9704392
tar-debuginfo-1.34-6.el9_4.3.x86_64.rpm SHA-256: c0bc46b59c2e4724341097cc0218f73d3fb925ed9bb613e4e8dfac9db72bcb98
tar-debugsource-1.34-6.el9_4.3.x86_64.rpm SHA-256: f2ccbbaf4f47bbee4eb7904a4d616cffb41dcd3fa47d909bcb1be756061b3067

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
x86_64
tar-1.34-6.el9_4.3.x86_64.rpm SHA-256: 6aac176e75d7ac9a6d5853367a6e399d172a8b51ac9d25739c0e3b69e9704392
tar-debuginfo-1.34-6.el9_4.3.x86_64.rpm SHA-256: c0bc46b59c2e4724341097cc0218f73d3fb925ed9bb613e4e8dfac9db72bcb98
tar-debugsource-1.34-6.el9_4.3.x86_64.rpm SHA-256: f2ccbbaf4f47bbee4eb7904a4d616cffb41dcd3fa47d909bcb1be756061b3067

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
s390x
tar-1.34-6.el9_4.3.s390x.rpm SHA-256: 4ab845e0d59e3914101bb7e72e82a6186a4a675ba783e972fe000d5fbc514cdc
tar-debuginfo-1.34-6.el9_4.3.s390x.rpm SHA-256: e368a3d5f31f9b03423dc00161ea95dca5855ef58d239c3fdc36c5145fc5aa76
tar-debugsource-1.34-6.el9_4.3.s390x.rpm SHA-256: c4714bb2e96e2d043a2456acc6f75acf22eb0acea59bbe27b53bd2001d124fda

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
ppc64le
tar-1.34-6.el9_4.3.ppc64le.rpm SHA-256: 0448c307c93868694042c0b49785f8f8d323407a6ec3d70f2538d18cff5a24f6
tar-debuginfo-1.34-6.el9_4.3.ppc64le.rpm SHA-256: 0741fdda9239ea5c65469f6f16c5e60afc7cae247f49f8995cb3a3e6405153a9
tar-debugsource-1.34-6.el9_4.3.ppc64le.rpm SHA-256: cb0d466e3f5e1bcb64d7234286ed0a1c158ce7f59535ccdaac4027d12078a838

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
aarch64
tar-1.34-6.el9_4.3.aarch64.rpm SHA-256: f963bf755cc2d8a4635fdefd3a32352e3eb91aec902d5772f01335c35135d377
tar-debuginfo-1.34-6.el9_4.3.aarch64.rpm SHA-256: 783a7dc6ca7620fa35ae49c5e11a4b1c2cd7b92ca0a8153133e52f27ebab9261
tar-debugsource-1.34-6.el9_4.3.aarch64.rpm SHA-256: 624e04318b03873d0477eaea9861888af21d52c838deafa49e36845e969f4b26

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
ppc64le
tar-1.34-6.el9_4.3.ppc64le.rpm SHA-256: 0448c307c93868694042c0b49785f8f8d323407a6ec3d70f2538d18cff5a24f6
tar-debuginfo-1.34-6.el9_4.3.ppc64le.rpm SHA-256: 0741fdda9239ea5c65469f6f16c5e60afc7cae247f49f8995cb3a3e6405153a9
tar-debugsource-1.34-6.el9_4.3.ppc64le.rpm SHA-256: cb0d466e3f5e1bcb64d7234286ed0a1c158ce7f59535ccdaac4027d12078a838

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
x86_64
tar-1.34-6.el9_4.3.x86_64.rpm SHA-256: 6aac176e75d7ac9a6d5853367a6e399d172a8b51ac9d25739c0e3b69e9704392
tar-debuginfo-1.34-6.el9_4.3.x86_64.rpm SHA-256: c0bc46b59c2e4724341097cc0218f73d3fb925ed9bb613e4e8dfac9db72bcb98
tar-debugsource-1.34-6.el9_4.3.x86_64.rpm SHA-256: f2ccbbaf4f47bbee4eb7904a4d616cffb41dcd3fa47d909bcb1be756061b3067

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
aarch64
tar-1.34-6.el9_4.3.aarch64.rpm SHA-256: f963bf755cc2d8a4635fdefd3a32352e3eb91aec902d5772f01335c35135d377
tar-debuginfo-1.34-6.el9_4.3.aarch64.rpm SHA-256: 783a7dc6ca7620fa35ae49c5e11a4b1c2cd7b92ca0a8153133e52f27ebab9261
tar-debugsource-1.34-6.el9_4.3.aarch64.rpm SHA-256: 624e04318b03873d0477eaea9861888af21d52c838deafa49e36845e969f4b26

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
s390x
tar-1.34-6.el9_4.3.s390x.rpm SHA-256: 4ab845e0d59e3914101bb7e72e82a6186a4a675ba783e972fe000d5fbc514cdc
tar-debuginfo-1.34-6.el9_4.3.s390x.rpm SHA-256: e368a3d5f31f9b03423dc00161ea95dca5855ef58d239c3fdc36c5145fc5aa76
tar-debugsource-1.34-6.el9_4.3.s390x.rpm SHA-256: c4714bb2e96e2d043a2456acc6f75acf22eb0acea59bbe27b53bd2001d124fda

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
x86_64
tar-1.34-6.el9_4.3.x86_64.rpm SHA-256: 6aac176e75d7ac9a6d5853367a6e399d172a8b51ac9d25739c0e3b69e9704392
tar-debuginfo-1.34-6.el9_4.3.x86_64.rpm SHA-256: c0bc46b59c2e4724341097cc0218f73d3fb925ed9bb613e4e8dfac9db72bcb98
tar-debugsource-1.34-6.el9_4.3.x86_64.rpm SHA-256: f2ccbbaf4f47bbee4eb7904a4d616cffb41dcd3fa47d909bcb1be756061b3067

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
aarch64
tar-1.34-6.el9_4.3.aarch64.rpm SHA-256: f963bf755cc2d8a4635fdefd3a32352e3eb91aec902d5772f01335c35135d377
tar-debuginfo-1.34-6.el9_4.3.aarch64.rpm SHA-256: 783a7dc6ca7620fa35ae49c5e11a4b1c2cd7b92ca0a8153133e52f27ebab9261
tar-debugsource-1.34-6.el9_4.3.aarch64.rpm SHA-256: 624e04318b03873d0477eaea9861888af21d52c838deafa49e36845e969f4b26

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
ppc64le
tar-1.34-6.el9_4.3.ppc64le.rpm SHA-256: 0448c307c93868694042c0b49785f8f8d323407a6ec3d70f2538d18cff5a24f6
tar-debuginfo-1.34-6.el9_4.3.ppc64le.rpm SHA-256: 0741fdda9239ea5c65469f6f16c5e60afc7cae247f49f8995cb3a3e6405153a9
tar-debugsource-1.34-6.el9_4.3.ppc64le.rpm SHA-256: cb0d466e3f5e1bcb64d7234286ed0a1c158ce7f59535ccdaac4027d12078a838

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
tar-1.34-6.el9_4.3.src.rpm SHA-256: 98bd1594cff14c803d08209c2651f0324cdee268f8c1ddd81e6d03a1c5dadab3
s390x
tar-1.34-6.el9_4.3.s390x.rpm SHA-256: 4ab845e0d59e3914101bb7e72e82a6186a4a675ba783e972fe000d5fbc514cdc
tar-debuginfo-1.34-6.el9_4.3.s390x.rpm SHA-256: e368a3d5f31f9b03423dc00161ea95dca5855ef58d239c3fdc36c5145fc5aa76
tar-debugsource-1.34-6.el9_4.3.s390x.rpm SHA-256: c4714bb2e96e2d043a2456acc6f75acf22eb0acea59bbe27b53bd2001d124fda

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.