https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart <cbuissar(a)redhat.com> changed:
What: Whiteboard
Removed: impact=moderate,public=20180607,reported=20180607,source=cve,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N,cwe=CWE-22,fedora-all/perl-Archive-Tar=affected,rhel-5/perl-Archive-Tar=wontfix,rhel-6/perl=wontfix,rhel-7/perl-Archive-Tar=affected,rhel-8/perl-Archive-Tar=notaffected,rhscl-3/rh-perl526-perl-Archive-Tar=affected,rhscl-3/rh-perl524-perl-Archive-Tar=affected,rhscl-3/rh-perl520-perl-Archive-Tar=wontfix
Added: impact=moderate,public=20180607,reported=20180607,source=cve,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L,cwe=CWE-22,fedora-all/perl-Archive-Tar=affected,rhel-5/perl-Archive-Tar=wontfix,rhel-6/perl=wontfix,rhel-7/perl-Archive-Tar=affected,rhel-8/perl-Archive-Tar=notaffected,rhscl-3/rh-perl526-perl-Archive-Tar=affected,rhscl-3/rh-perl524-perl-Archive-Tar=affected,rhscl-3/rh-perl520-perl-Archive-Tar=wontfix
--- Doc Text *updated* ---
It was found that the Archive::Tar module did not properly sanitize symbolic links when
extracting tar archives. An attacker able to provide a specially crafted archive for
processing could use this flaw to write or overwrite arbitrary files in the context of the
perl interpreter.