Bug 47292 - perl: Multiple issues (4.3)
perl: Multiple issues (4.3)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal (vote)
: UCS 4.3-1-errata
Assigned To: Quality Assurance
Philipp Hahn
Depends on:
  Show dependency treegraph
Reported: 2018-07-03 14:13 CEST by Philipp Hahn
Modified: 2018-07-04 14:54 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)


Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-07-03 14:13:35 CEST
New Debian perl 5.24.1-3+deb9u4 fixes:
This update addresses the following issue(s):

This update addresses the following issue(s):
CVE_2011-4116 is open
* In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. (CVE-2018-12015)

5.24.1-3+deb9u4 (Sun, 10 Jun 2018 18:37:28 +0100)
  * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
    in Archive-Tar
* CVE-2018-12015 perl: Directory traversal in Archive::Tar (CVE-2018-12015)
Comment 1 Philipp Hahn univentionstaff 2018-07-03 16:39:56 CEST
[4.3-1] 8483dfbfd5 Bug #47292: perl 5.24.1-3+deb9u4
 doc/errata/staging/perl.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comment 3 Arvid Requate univentionstaff 2018-07-04 14:54:06 CEST