
Mageia 8: 2022-0103 Moderate: Nodejs-Tar Code Execution Risks

mageia
March 21, 2022
An untrusted tar file can symlink into an arbitrary location, allowing file overwrites.

Summary

An untrusted tar file can symlink into an arbitrary location, allowing file overwrites (CVE-2021-37712).
Arbitrary file creation/overwrite and arbitrary code execution (CVE-2021-37701).
Arbitrary file creation/overwrite vulnerability via insufficient symlink protection (CVE-2021-32803).
Arbitrary file creation/overwrite vulnerability due to insufficient absolute path sanitization (CVE-2021-32804).
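A pre-extraction audit for the path and symlink conditions named in the summary, as an added example (not code from node-tar or from the Mageia advisory). The entry shape `{ path, type, linkpath }`, the function name `auditEntries`, the destination directory and the sample entries are assumptions constructed for illustration.

```javascript
const path = require('path');

// Audit tar entry metadata before anything is written to disk.
// Assumed entry shape: { path, type, linkpath }, type being 'File',
// 'Directory' or 'SymbolicLink'. Returns a list of { path, issue }.
function auditEntries(entries, destDir) {
  const root = path.resolve(destDir);
  const inside = (p) => p === root || p.startsWith(root + path.sep);
  const symlinks = new Set(); // locations earlier entries declared as symlinks
  const findings = [];

  for (const e of entries) {
    if (path.posix.isAbsolute(e.path)) {
      findings.push({ path: e.path, issue: 'absolute-path' });
      continue;
    }
    const target = path.resolve(root, e.path);
    if (!inside(target)) {
      findings.push({ path: e.path, issue: 'path-traversal' });
      continue;
    }
    // If the entry itself or any parent was declared a symlink earlier in
    // the archive, writing it would follow that link.
    let through = false;
    for (let p = target; inside(p) && p !== root; p = path.dirname(p)) {
      if (symlinks.has(p)) { through = true; break; }
    }
    if (through) {
      findings.push({ path: e.path, issue: 'write-through-symlink' });
      continue;
    }
    if (e.type === 'SymbolicLink') {
      const dest = path.resolve(path.dirname(target), e.linkpath || '');
      if (!inside(dest)) findings.push({ path: e.path, issue: 'symlink-escapes-root' });
      symlinks.add(target);
    }
  }
  return findings;
}

// Constructed sample entries (not taken from any real archive).
const SAMPLE_ENTRIES = [
  { path: 'pkg/index.js', type: 'File' },
  { path: '/tmp/outside.txt', type: 'File' },
  { path: '../outside.txt', type: 'File' },
  { path: 'pkg/link', type: 'SymbolicLink', linkpath: '/tmp' },
  { path: 'pkg/link/file.txt', type: 'File' },
  { path: 'pkg/ok-link', type: 'SymbolicLink', linkpath: 'index.js' },
];
console.log(auditEntries(SAMPLE_ENTRIES, '/srv/unpack'));
```

An archive that produces any finding should be rejected rather than extracted; the check does not replace installing the updated package.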

References

- https://bugs.mageia.org/show_bug.cgi?id=29656

- https://lists.debian.org/debian-security-announce/2021/msg00194.html

- https://www.cve.org/CVERecord?id=CVE-2021-32803

- https://www.cve.org/CVERecord?id=CVE-2021-32804

- https://www.cve.org/CVERecord?id=CVE-2021-37701

- https://www.cve.org/CVERecord?id=CVE-2021-37712

Resolution

SRPMS

- 8/core/nodejs-tar-6.0.5-1.1.mga8

Severity
important

Publication date: 21 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0103.html
Type: security
CVE: CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712
