Bug#439335: CVE-2007-4131: GNU tar Directory Traversal Vulnerability

2007-08-29 Thread Stefan Fritsch
A user does not expect tar to allow absolute path names unless the -P option is given.

2007-08-24 Thread Bdale Garbee
On Fri, 2007-08-24 at 11:35 +0200, Luca Bruno wrote:
> Package: tar
> Version: 1.18-1
> Severity: grave

Why does this merit a 'grave' severity when there is no apparent priv escalation involved?

Bdale

2007-08-24 Thread Luca Bruno
Package: tar
Version: 1.18-1
Severity: grave
Tags: security patch

From CVE-2007-4131: "The vulnerability is caused due to an input validation error when extracting tar archives. This can be exploited to extract files to arbitrary locations outside t