ArchLinux: 201903-7: pacman: arbitrary code execution

    Date: 11 Mar 2019
    Posted By: LinuxSecurity Advisories
    The package pacman before version 5.1.3-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201903-7
    Severity: High
    Date    : 2019-03-11
    CVE-ID  : CVE-2019-9686
    Package : pacman
    Type    : arbitrary code execution
    Remote  : Yes
    Link    :
    The package pacman before version 5.1.3-1 is vulnerable to arbitrary
    code execution.

    Upgrade to 5.1.3-1.

    # pacman -Syu "pacman>=5.1.3-1"

    The problem has been fixed upstream in version 5.1.3.

    pacman prior to version 5.1.3 allows directory traversal when
    installing a remote package via a specified URL ("pacman -U <url>") due
    to an unsanitized file name received from a Content-Disposition header.
    pacman renames the downloaded package file to match the name given in
    this header. However, pacman did not sanitize this name, which may
    contain slashes, before calling rename(). A malicious server (or a
    network MitM if downloading over HTTP) can send a Content-Disposition
    header to make pacman place the file anywhere in the filesystem,
    potentially leading to arbitrary root code execution. Notably, this
    bypasses pacman's package signature checking. This occurs in
    curl_download_internal in lib/libalpm/dload.c.

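    The following is an added example, not code from pacman or libalpm, showing
    the kind of check the description above calls for: a server-supplied
    Content-Disposition filename is reduced to a single path component and
    rejected if it contains a separator or is "." or "..", before it is ever
    joined to the cache directory used as the rename() target. All function
    names (cd_extract_filename, cd_filename_is_safe, cd_safe_target), the
    cache path and the header values are assumptions constructed for the
    example.

```c
/* Added example (not pacman's own code): defensive handling of a
 * Content-Disposition filename before it becomes a rename() target.
 * Rule: extract the filename parameter, reject anything that is empty,
 * ".", "..", or contains a path separator, and only then join it to a
 * fixed cache directory. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Extract the filename="..." (or unquoted filename=) parameter from a
 * Content-Disposition header value. Returns a malloc'd copy, or NULL if
 * the parameter is absent or malformed. */
char *cd_extract_filename(const char *header)
{
    const char *p = strstr(header, "filename=");
    if (!p) return NULL;
    p += strlen("filename=");
    const char *end;
    if (*p == '"') {                 /* quoted form: filename="..." */
        p++;
        end = strchr(p, '"');
        if (!end) return NULL;       /* unterminated quote */
    } else {                         /* token form: filename=foo.tar */
        end = p;
        while (*end && *end != ';' && !isspace((unsigned char)*end)) end++;
    }
    size_t n = (size_t)(end - p);
    char *out = malloc(n + 1);
    if (!out) return NULL;
    memcpy(out, p, n);
    out[n] = '\0';
    return out;
}

/* Return 1 if name is acceptable as exactly one path component, else 0. */
int cd_filename_is_safe(const char *name)
{
    if (!name || *name == '\0') return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    if (strchr(name, '/') != NULL) return 0;     /* POSIX separator */
    if (strchr(name, '\\') != NULL) return 0;    /* be conservative */
    for (const char *c = name; *c; c++)
        if ((unsigned char)*c < 0x20) return 0;  /* control characters */
    return 1;
}

/* Build "<cachedir>/<name>" only when the extracted name passed the check.
 * Returns a malloc'd path, or NULL when the header must be rejected. */
char *cd_safe_target(const char *cachedir, const char *header)
{
    char *name = cd_extract_filename(header);
    if (!cd_filename_is_safe(name)) { free(name); return NULL; }
    size_t len = strlen(cachedir) + 1 + strlen(name) + 1;
    char *path = malloc(len);
    if (path) snprintf(path, len, "%s/%s", cachedir, name);
    free(name);
    return path;
}

int main(void)
{
    /* constructed header values: one benign, one carrying a traversal */
    const char *good = "attachment; filename=\"foo-1.0-1-x86_64.pkg.tar.xz\"";
    const char *bad  = "attachment; filename=\"../../outside.txt\"";
    const char *cache = "/var/cache/pacman/pkg";   /* assumed cache dir */
    char *a = cd_safe_target(cache, good);
    char *b = cd_safe_target(cache, bad);
    printf("good -> %s\n", a ? a : "(rejected)");
    printf("bad  -> %s\n", b ? b : "(rejected)");
    free(a);
    free(b);
    return 0;
}
```

    Rejecting rather than "cleaning" a bad name is the safer design: a name
    with a separator in it is never legitimate for a package file, so there is
    no reason to guess what the server meant. A downloader that does this still
    relies on signature verification for the file's contents; the check only
    keeps the file inside the cache directory.
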
    A remote attacker in the position of man-in-the-middle or a malicious
    server is able to execute arbitrary code as root when a user installs a
    remote package via a specified URL.