https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Bug ID: 1588760
Summary: CVE-2018-12015 perl: Directory traversal in
Archive::Tar
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: alexl(a)redhat.com, caillon+fedoraproject(a)gmail.com,
iarnell(a)gmail.com, jplesnik(a)redhat.com, kasal(a)ucw.cz,
mbarnes(a)fastmail.com, mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rhughes(a)redhat.com,
sandmann(a)redhat.com, tcallawa(a)redhat.com
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to
bypass a directory-traversal protection mechanism, and overwrite arbitrary
files, via an archive file containing a symlink and a regular file with the
same name.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
--
You are receiving this mail because:
You are on the CC list for the bug.