Univention Bugzilla – Bug 47550
perl: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:43 CEST
New Debian perl 5.20.2-3+deb8u11 fixes:

This update addresses the following issue(s):
* CVE_2011-4116 is open
* CVE_2018-6797 is open
* In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. (CVE-2018-12015)
* TEMP-0769606-4AA6CF is open

5.20.2-3+deb8u11 (Sun, 10 Jun 2018 18:40:37 +0100)
* [SECURITY] CVE-2018-12015: fix directory traversal vulnerability in Archive-Tar
* CVE-2018-12015 perl: Directory traversal in Archive::Tar (CVE-2018-12015)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/perl_5.20.2-3+deb8u10.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/perl_5.20.2-3+deb8u11.dsc @@ -1,3 +1,8 @@ +5.20.2-3+deb8u11 [Sun, 10 Jun 2018 18:40:37 +0100] Dominic Hargreaves <dom@earth.li>: + + * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability + in Archive-Tar (Closes: #900834) + 5.20.2-3+deb8u10 [Sat, 10 Mar 2018 20:36:19 +0200] Niko Tyni <ntyni@debian.org>: * [SECURITY] CVE-2018-6913: heap buffer overflow with large data blocks. <http://10.200.17.11/4.2-4/#6361311711572053620>
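Review bot: the added 5.20.2-3+deb8u11 entry names a single fix, CVE-2018-12015 (Closes: #900834), so the erratum for this update should list only that CVE as fixed. The items the bug description marks "is open" (CVE_2011-4116, CVE_2018-6797, TEMP-0769606-4AA6CF) do not appear in this changelog hunk and should stay out of the advisory text. The entry also does not say which Archive-Tar patch was applied; naming it would make the fix easier to verify against the source package.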
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.2-4] 2a64e2a215 Bug #47550: perl 5.20.2-3+deb8u11
 doc/errata/staging/perl.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<http://errata.software-univention.de/ucs/4.2/472.html>