Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisorymoderatesecurity issueRed Hat: RHSA-2022:0892-01 Moderate: Libarchive Security Update
An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libarchive security update Advisory ID: RHSA-2022:0892-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0892 Issue date: 2022-03-15 CVE Names: CVE-2021-23177 CVE-2021-31566 ==================================================================== 1. Summary: An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: extracting a symlink with ACLs modifies ACLs of target (CVE-2021-23177) * libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive (CVE-2021-31566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and otherrelated information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2024237 - CVE-2021-31566 libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive 2024245 - CVE-2021-23177 libarchive: extracting a symlink with ACLs modifies ACLs of target 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: libarchive-3.3.3-3.el8_5.src.rpm aarch64: bsdcat-debuginfo-3.3.3-3.el8_5.aarch64.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.aarch64.rpm bsdtar-3.3.3-3.el8_5.aarch64.rpm bsdtar-debuginfo-3.3.3-3.el8_5.aarch64.rpm libarchive-3.3.3-3.el8_5.aarch64.rpm libarchive-debuginfo-3.3.3-3.el8_5.aarch64.rpm libarchive-debugsource-3.3.3-3.el8_5.aarch64.rpm ppc64le: bsdcat-debuginfo-3.3.3-3.el8_5.ppc64le.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.ppc64le.rpm bsdtar-3.3.3-3.el8_5.ppc64le.rpm bsdtar-debuginfo-3.3.3-3.el8_5.ppc64le.rpm libarchive-3.3.3-3.el8_5.ppc64le.rpm libarchive-debuginfo-3.3.3-3.el8_5.ppc64le.rpm libarchive-debugsource-3.3.3-3.el8_5.ppc64le.rpm s390x: bsdcat-debuginfo-3.3.3-3.el8_5.s390x.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.s390x.rpm bsdtar-3.3.3-3.el8_5.s390x.rpm bsdtar-debuginfo-3.3.3-3.el8_5.s390x.rpm libarchive-3.3.3-3.el8_5.s390x.rpm libarchive-debuginfo-3.3.3-3.el8_5.s390x.rpm libarchive-debugsource-3.3.3-3.el8_5.s390x.rpm x86_64: bsdcat-debuginfo-3.3.3-3.el8_5.i686.rpm bsdcat-debuginfo-3.3.3-3.el8_5.x86_64.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.i686.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.x86_64.rpm bsdtar-3.3.3-3.el8_5.x86_64.rpm bsdtar-debuginfo-3.3.3-3.el8_5.i686.rpm bsdtar-debuginfo-3.3.3-3.el8_5.x86_64.rpm libarchive-3.3.3-3.el8_5.i686.rpm libarchive-3.3.3-3.el8_5.x86_64.rpm libarchive-debuginfo-3.3.3-3.el8_5.i686.rpm libarchive-debuginfo-3.3.3-3.el8_5.x86_64.rpm libarchive-debugsource-3.3.3-3.el8_5.i686.rpm libarchive-debugsource-3.3.3-3.el8_5.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: bsdcat-debuginfo-3.3.3-3.el8_5.aarch64.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.aarch64.rpm bsdtar-debuginfo-3.3.3-3.el8_5.aarch64.rpm libarchive-debuginfo-3.3.3-3.el8_5.aarch64.rpm libarchive-debugsource-3.3.3-3.el8_5.aarch64.rpm libarchive-devel-3.3.3-3.el8_5.aarch64.rpm ppc64le: bsdcat-debuginfo-3.3.3-3.el8_5.ppc64le.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.ppc64le.rpm bsdtar-debuginfo-3.3.3-3.el8_5.ppc64le.rpm libarchive-debuginfo-3.3.3-3.el8_5.ppc64le.rpm libarchive-debugsource-3.3.3-3.el8_5.ppc64le.rpm libarchive-devel-3.3.3-3.el8_5.ppc64le.rpm s390x: bsdcat-debuginfo-3.3.3-3.el8_5.s390x.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.s390x.rpm bsdtar-debuginfo-3.3.3-3.el8_5.s390x.rpm libarchive-debuginfo-3.3.3-3.el8_5.s390x.rpm libarchive-debugsource-3.3.3-3.el8_5.s390x.rpm libarchive-devel-3.3.3-3.el8_5.s390x.rpm x86_64: bsdcat-debuginfo-3.3.3-3.el8_5.i686.rpm bsdcat-debuginfo-3.3.3-3.el8_5.x86_64.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.i686.rpm bsdcpio-debuginfo-3.3.3-3.el8_5.x86_64.rpm bsdtar-debuginfo-3.3.3-3.el8_5.i686.rpm bsdtar-debuginfo-3.3.3-3.el8_5.x86_64.rpm libarchive-debuginfo-3.3.3-3.el8_5.i686.rpm libarchive-debuginfo-3.3.3-3.el8_5.x86_64.rpm libarchive-debugsource-3.3.3-3.el8_5.i686.rpm libarchive-debugsource-3.3.3-3.el8_5.x86_64.rpm libarchive-devel-3.3.3-3.el8_5.i686.rpm libarchive-devel-3.3.3-3.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYjCsHdzjgjWX9erEAQhhfg//c8azFu+Ohb8guIXMoFAd3oZTG/sAwrA4 Dkelkz8XIczxbKioWYj426ufsmT+8atPfdPF4R7W2rOmuGx5Nj5WC4MUNL9E8s+G B/3UZkIcI5bh/TxmR/P5mxVaJyVGy22KP5xG4cNXkBDs++Um67/ZdoUDVUVkAeH/ YPMEdk0YFz1Ai8lHmsJx9+QykrtSVeNs9mL8H7vPLh+i8w1AG4rAIv5MNmTdkj2S cF8mzNYAieXOr/Aj9kZIBkaubss2A02KJOi71qSnLzuVL1HQAdBHYqpLnq4RLdrP J2RRSGkvFw59HNZxN+7Vf0LR5bwzWU31/KuSMfnCdN1E3ee7gmkiJgYubsY/ejZ2 CnwRThtnXfUzfuD9bUnwDwqIkFnrkPAq0iAQR8F+/VNXH/FqBhOFay2ev2jHV9kn 03Odq7gGC6dNQlDBSPsnbgX/eLjEwSMVfgoF6EOrNF51M0yzpYCb5BkixhSh1c1Q VLmBhKT3qfZaq+yi2amY0hR/c5yzyl+LH+52P2WPe4OuIVS4xH8XO48tdApiBE1Q gVfYOjN81JwrQiqoU+aygXf4U2Fvj7Kd7eCyAnkFvSBuIOXGKzlcOgk5Q+RptV21 THNWQ7nxYFbB8eljoUcGY2QbjSu45YUvPWCjQiPLyeqOQHM2DhjTzCYAiJ4fxXR6 qsGG7ByKlYg=TjxV -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 15, 2022
Red Hat
89
security advisoryfedorasoftware updateFedora 28 Security Advisory: perl-Archive-Tar Critical Directory Traversal
This release fixes CVE-2018-12015 vulnerability (a directory traversal). It also fixes creating a file with a trailing white space on the file name. It also allows to archive absolute path names and it speeds up extracting large archives.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-4e088b6d7c 2018-06-18 16:16:37.138580 --------------------------------------------------------------------------------Name : perl-Archive-Tar Product : Fedora 28 Version : 2.28 Release : 1.fc28 URL : https://metacpan.org/dist/Archive-Tar Summary : A module for Perl manipulation of .tar files Description : Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files. --------------------------------------------------------------------------------Update Information: This release fixes CVE-2018-12015 vulnerability (a directory traversal). It also fixes creating a file with a trailing white space on the file name. It also allows to archive absolute path names and it speeds up extracting large archives. --------------------------------------------------------------------------------ChangeLog: * Fri Jun 8 2018 Petr Pisar - 2.28-1 - 2.28 bump - Fixes CVE-2018-12015 (directory traversal) (bug #1588761) --------------------------------------------------------------------------------References: [ 1 ] Bug #1588760 - CVE-2018-12015 perl: Directory traversal in Archive::Tar https://bugzilla.redhat.com/show_bug.cgi?id=1588760 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-4e088b6d7c' at thecommand line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jun 18, 2018
•Critical
Fedora
89
security advisoryupdatecriticalFedora: php-pecl-zip 1.13.5 Critical Update for Bugs and Stability
**Version 1.13.5** - Fixed bug php#72660 (NULL Pointer dereference in zend_virtual_cwd). (Laruence) - Fixed bug php#68302 (impossible to compile php with zip support). (cmb) - Fixed bug php#70752 (Depacking with wrong password leaves 0 length files). (cmb). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-b9cb75981a 2016-10-22 12:48:07.766909 -------------------------------------------------------------------------------- Name : php-pecl-zip Product : Fedora 24 Version : 1.13.5 Release : 1.fc24 URL : Summary : A ZIP archive management extension Description : Zip is an extension to create and read zip files. -------------------------------------------------------------------------------- Update Information: **Version 1.13.5** - Fixed bug php#72660 (NULL Pointer dereference in zend_virtual_cwd). (Laruence) - Fixed bug php#68302 (impossible to compile php with zip support). (cmb) - Fixed bug php#70752 (Depacking with wrong password leaves 0 length files). (cmb) -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php-pecl-zip' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 22, 2016
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!