Package tar updated to version 1.29.0.19.d061-alt1 for branch sisyphus in task 180607.

Published: 2016-09-12

BDU:2019-03749

Уязвимость функции safer_name_suffix архиватора GNU Tar, позволяющая нарушителю обойти предполагаемый механизм защиты и произвести запись в произвольные файлы

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

CVE-2016-6321

Published: 2016-12-10
Modified: 2024-11-21

CVE-2016-6321

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Version: 2.1.0

Package tar update in sisyphus on 2017-03-21

ALT-PU-2017-1324-1

Closed vulnerabilities

BDU:2019-03749

CVE-2016-6321