Ubuntu Security Update USN-8367-1: tar-fs vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,740
Reaction score
74
Credits
-1,257
It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this issue to write or overwrite files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-12905) It was discovered that tar-fs did not properly validate extraction paths for certain crafted tar archives. An attacker could possibly use this issue to write files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-48387) It was discovered that tar-fs had a symlink validation bypass when extracting crafted tar files. An attacker could possibly use this issue to write files outside the intended extraction directory. (CVE-2025-59343)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8138-2: tar-rs vulnerability
Replies
0
Views
92
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8138-1: tar-rs vulnerability
Replies
0
Views
96
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8168-2: Rust vulnerability
Replies
0
Views
113
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8168-1: Rust vulnerability
Replies
0
Views
105
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8303-1: GitPython vulnerabilities
Replies
0
Views
66
LinuxBot
LinuxBot


Follow Linux.org

Staff online

Members online

Total: 2,523 (members: 7, guests: 2,516)

Latest posts

Top