oval:org.secpod.oval:def:1800815
GNU `tar` archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions: tar 1.14 to 1.29

oval:org.secpod.oval:def:1800727
GNU `tar` archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions: tar 1.14 to 1.29

oval:org.secpod.oval:def:2100862
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

oval:org.secpod.oval:def:1000466
The remote host is missing a patch 139099-07 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:89045178
This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name specified on the command line [bsc#1007188] [CVE-2016-6321] - Fix Amanda integration iss ...

oval:org.secpod.oval:def:1000479
The remote host is missing a patch 139100-07 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:89045166
This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name specified on the command line [bsc#1007188] [CVE-2016-6321]

oval:org.secpod.oval:def:602656
Harry Sintonen discovered that GNU tar does not properly handle member names containing "..", thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory.

oval:org.secpod.oval:def:703359
tar: GNU version of the tar archiving utility. tar could be made to overwrite files.

oval:org.secpod.oval:def:51671
tar: GNU version of the tar archiving utility. tar could be made to overwrite files.