Описание
Security update for tar
This update for tar fixes the following issues:
- Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321]
- Fix Amanda integration issue (bsc#913058)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
tar-1.27.1-8.1
tar-backup-scripts-1.27.1-8.1
tar-lang-1.27.1-8.1
tar-tests-1.27.1-8.1
openSUSE Leap 42.2
tar-1.27.1-8.1
tar-backup-scripts-1.27.1-8.1
tar-lang-1.27.1-8.1
tar-tests-1.27.1-8.1
Ссылки
- E-Mail link for openSUSE-SU-2016:3003-1
- SUSE Security Ratings
Описание
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Затронутые продукты
openSUSE Leap 42.1:tar-1.27.1-8.1
openSUSE Leap 42.1:tar-backup-scripts-1.27.1-8.1
openSUSE Leap 42.1:tar-lang-1.27.1-8.1
openSUSE Leap 42.1:tar-tests-1.27.1-8.1
Ссылки
- CVE-2016-6321
- SUSE Bug 1007188
- SUSE Bug 1123796