Описание
Security update for tar
This update for tar fixes the following issues:
- Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321]
- Fix Amanda integration issue (bsc#913058)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
tar-1.27.1-11.1
tar-lang-1.27.1-11.1
SUSE Linux Enterprise Desktop 12 SP2
tar-1.27.1-11.1
tar-lang-1.27.1-11.1
SUSE Linux Enterprise Server 12 SP1
tar-1.27.1-11.1
tar-lang-1.27.1-11.1
SUSE Linux Enterprise Server 12 SP2
tar-1.27.1-11.1
tar-lang-1.27.1-11.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
tar-1.27.1-11.1
tar-lang-1.27.1-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
tar-1.27.1-11.1
tar-lang-1.27.1-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
tar-1.27.1-11.1
tar-lang-1.27.1-11.1
Ссылки
- Link for SUSE-SU-2016:2896-1
- E-Mail link for SUSE-SU-2016:2896-1
- SUSE Security Ratings
- SUSE Bug 1007188
- SUSE Bug 913058
- SUSE CVE CVE-2016-6321 page
Описание
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:tar-1.27.1-11.1
SUSE Linux Enterprise Desktop 12 SP1:tar-lang-1.27.1-11.1
SUSE Linux Enterprise Desktop 12 SP2:tar-1.27.1-11.1
SUSE Linux Enterprise Desktop 12 SP2:tar-lang-1.27.1-11.1
Ссылки
- CVE-2016-6321
- SUSE Bug 1007188
- SUSE Bug 1123796