SUSE-SU-2016:2895-1

Опубликовано: 24 нояб. 2016

Источник: suse-cvrf

Описание

Security update for tar

This update for tar fixes the following issues:

Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321]

Список пакетов

SUSE Linux Enterprise Server 11 SP4

tar-1.26-1.2.10.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

tar-1.26-1.2.10.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20162895-1/
Link for SUSE-SU-2016:2895-1
https://lists.suse.com/pipermail/sle-security-updates/2016-November/002416.html
E-Mail link for SUSE-SU-2016:2895-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1007188
SUSE Bug 1007188
https://www.suse.com/security/cve/CVE-2016-6321/
SUSE CVE CVE-2016-6321 page

Описание

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:tar-1.26-1.2.10.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:tar-1.26-1.2.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-6321.html
CVE-2016-6321
https://bugzilla.suse.com/1007188
SUSE Bug 1007188
https://bugzilla.suse.com/1123796
SUSE Bug 1123796

SUSE-SU-2016:2895-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

Ссылки

Уязвимость: CVE-2016-6321

Описание

Затронутые продукты

Ссылки