2024-06-26
ALT-BU-2024-9353-1
Branch p9 update bulletin.
Closed vulnerabilities
Published: 2007-08-27
BDU:2022-05975
Уязвимость функций extract и extractall модуля tarfile интерпретатора языка программирования Python, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2007-08-28
Modified: 2025-01-17
Modified: 2025-01-17
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Severity: MEDIUM (6.8)
References:
- [python-dev] 20070824 tarfile and directory traversal vulnerability
- [python-dev] 20070824 tarfile and directory traversal vulnerability
- [python-dev] 20070825 tarfile and directory traversal vulnerability
- [python-dev] 20070825 tarfile and directory traversal vulnerability
- 26623
- 26623
- ADV-2007-3022
- ADV-2007-3022
- https://bugzilla.redhat.com/show_bug.cgi?id=263261
- https://bugzilla.redhat.com/show_bug.cgi?id=263261
- FEDORA-2024-ebb3c95344
- FEDORA-2024-ebb3c95344
- FEDORA-2024-d1f1084584
- FEDORA-2024-d1f1084584
- FEDORA-2024-46374d2703
- FEDORA-2024-46374d2703
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/
- GLSA-202309-06
- GLSA-202309-06