Bug 620012 - app-arch/tar-1.29-r1 CVE-2016-6321
Summary: app-arch/tar-1.29-r1 CVE-2016-6321
Status: RESOLVED DUPLICATE of bug 598334
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-28 12:20 UTC by Andrey Ovcharov
Modified: 2017-05-29 08:55 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
tar-1.29-r1-CVE-2016-6321.diff (tar-1.29-r1-CVE-2016-6321.diff,1.16 KB, patch)
2017-05-28 12:20 UTC, Andrey Ovcharov

Description Andrey Ovcharov 2017-05-28 12:20:56 UTC
Created attachment 474574
tar-1.29-r1-CVE-2016-6321.diff

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321


"Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER."
Comment 1 Agostino Sarubbo gentoo-dev 2017-05-29 08:55:04 UTC

*** This bug has been marked as a duplicate of bug 598334 ***