FS#51641 - [tar] [Security] arbitrary file overwrite (CVE-2016-6321)

Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Wednesday, 02 November 2016, 12:55 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 02 November 2016, 13:03 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Hi,

It has been reported that tar is vulnerable to arbitrary file overwrite via CVE-2016-6321 [1]. A fix has been committed upstream [2] but no new version has been released yet, so we might want to backport the patch for the time being.

[1]: http://seclists.org/fulldisclosure/2016/Oct/96
[2]: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d

Closed by Levente Polyak (anthraxx)
Wednesday, 02 November 2016, 13:03 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#51563
