Ubuntu Security Update USN-8477-2: tar regression

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,928
Reaction score
94
Credits
-1,257
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression that could cause tar to fail to extract certain valid files. This update fixes the problem. Original advisory details: It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms.

Continue reading...
 


Follow Linux.org

Staff online

Members online


Top