Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

References:
https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/
https://security.gentoo.org/glsa/202101-23
https://www.drupal.org/sa-core-2021-001

Upstream commit:
https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6541 https://access.redhat.com/errata/RHSA-2022:6541

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6542 https://access.redhat.com/errata/RHSA-2022:6542

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7340 https://access.redhat.com/errata/RHSA-2022:7340