drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in perl
Name: |
Überschreiben von Dateien in perl |
|
ID: |
DSA-4226-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Di, 12. Juni 2018, 07:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015 |
|
Applikationen: |
Perl |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4226-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 12, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : perl CVE ID : CVE-2018-12015 Debian Bug : 900834
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
For the oldstable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u11.
For the stable distribution (stretch), this problem has been fixed in version 5.24.1-3+deb9u4.
We recommend that you upgrade your perl packages.
For the detailed security status of perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsfUF9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R0vw/8C8JM4x+DX3SAMCQsP0jLshcMMLZ4HJ/3aloi/3+cfzyJO4J/DOaxM4BA cPEW5HdcuGWKcAJl/SMy5j94RdIlYgh08lQDEbJwCgxxmVlzC1e7LgSdxFuqTTSb uRAdTvEpDj5s+tTLKWkZrr6WALrs/yg+RFsxtbZ7NvgFu1Uj3HGHpav0ylQY8YRR yaq43eLvFp/znPrXkAeja7pY0hPLAaSkxN7NuMM/osJ/sKiTzpXeinQoxIc5qCqC lhso86lb+hq6iZ7T78nUbe+jb/a3K+feAfXsCjdYI37tMgNRE4EosWKREhp0h1J7 WqvXvQpxlbwd4Ilf6SnKmhUcrtC7NL/t7wIsmvsLU88rgmOOpOqlDbCPRVTsNVdq Ccx/+qZYc0d5Jiq0NHxRCpSU5W0TgoekOWs2C4jYTJ7dH/7IxWB6fe/VagHLhQAq D16UHe+3Y7RkLa+44Za4JHGzjURwwjYzbS+MOIZFHz6/hk+gZBvEIF//6AJgXtZL NMXzhOstl35abQ6EoR82nx71gYbVyG4022K3XWcUhX+UUeLAYv1+b3ZGVXHjBiQB mLnCwG+l7TdQyWDMWswrf/MT9k8BsmIUe9K0XXSRsr+NAXRzEQjMhiJJIwiFp0YG 8bTjHqaQuvrop7CwC/d9vtj7852ukAnnGL32FRQwDlu14gTarsM= =22Iz -----END PGP SIGNATURE-----
|
|
|
|