Bug 1318562 (CVE-2016-6321)
Summary: | CVE-2016-6321 tar: Bypassing the extract path name | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | carnil, praiskup, sardella, scorneli, security-response-team, sgrubb, slawomir |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:49:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1389192 | ||
Bug Blocks: | 1318564 |
Description
Adam Mariš
2016-03-17 09:03:30 UTC
Acknowledgments: Name: Harry Sintonen Mitigation: Use the "star" utility provided by the "star" package to process archives from untrusted sources. Statement: Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw. This issue did not affect the versions of star as shipped with Red Hat Enterprise Linux 5, 6, and 7. Created tar tracking bugs for this issue: Affects: fedora-all [bug 1389192] Public via: http://seclists.org/fulldisclosure/2016/Oct/96 Patch for this issue has been updated according to the researcher: http://seclists.org/fulldisclosure/2016/Oct/102 |