Download
| Alert*
oval:org.secpod.oval:def:1800727
GNU `tar" archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions tar 1.14 to 1.29 oval:org.secpod.oval:def:1800815 GNU `tar" archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions: tar 1.14 to 1.29 oval:org.secpod.oval:def:89045178 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name specified on the command line [bsc#1007188] [CVE-2016-6321] - Fix Amanda integration iss ... oval:org.secpod.oval:def:89045166 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name specified on the command line [bsc#1007188] [CVE-2016-6321] oval:org.secpod.oval:def:51671 tar: GNU version of the tar archiving utility tar could be made to overwrite files. |