Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: 202312-01 Security: Archive::Tar Path Manipulation Vulnerability

gentoo
Calendar Grey December 10, 2008
Dist Gentoo Esm H88
Warning: Directory exploitation identified in Archive::Tar on Gentoo Linux. Prompt update is recommended to reduce vulnerabilities.
A directory traversal vulnerability has been discovered in Archive::Tar.

Summary

Gentoo Linux Security Advisory GLSA 200812-10 https://security.gentoo.org/ Severity: Normal Title: Archive::Tar: Directory traversal vulnerability Date: December 10, 2008 Bugs: #192989 ID: 200812-10

Synopsis ======= A directory traversal vulnerability has been discovered in Archive::Tar.
Background ========= Archive::Tar is a Perl module for creation and manipulation of tar files.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 perl-core/Archive-Tar < 1.40 >= 1.40
========== Jonathan Smith of rPath reported that Archive::Tar does not check for ".." in file names.
Impact ===== A remote attacker could entice a user or automated system to extract a specially ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo directory traversal remote threat perl module normal severity archive tar

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo directory traversal remote threat perl module normal severity archive tar

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here