Security update for tar
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:2874-1
Final
1
1
2016-11-22T13:57:17Z
current
2016-11-22T13:57:17Z
2016-11-22T13:57:17Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for tar
This update for tar fixes the following issues:
- extract files recursively with --files-from [boo#913058]
- Fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [boo#1007188] [CVE-2016-6321]
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
http://lists.opensuse.org/opensuse-updates/2016-11/msg00094.html
E-Mail link for openSUSE-SU-2016:2874-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE 13.2
tar-1.28-2.19.1
tar-backup-scripts-1.28-2.19.1
tar-debuginfo-1.28-2.19.1
tar-debugsource-1.28-2.19.1
tar-lang-1.28-2.19.1
tar-tests-1.28-2.19.1
tar-tests-debuginfo-1.28-2.19.1
tar-1.28-2.19.1 as a component of openSUSE 13.2
tar-backup-scripts-1.28-2.19.1 as a component of openSUSE 13.2
tar-debuginfo-1.28-2.19.1 as a component of openSUSE 13.2
tar-debugsource-1.28-2.19.1 as a component of openSUSE 13.2
tar-lang-1.28-2.19.1 as a component of openSUSE 13.2
tar-tests-1.28-2.19.1 as a component of openSUSE 13.2
tar-tests-debuginfo-1.28-2.19.1 as a component of openSUSE 13.2
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
CVE-2016-6321
openSUSE 13.2:tar-1.28-2.19.1
openSUSE 13.2:tar-backup-scripts-1.28-2.19.1
openSUSE 13.2:tar-debuginfo-1.28-2.19.1
openSUSE 13.2:tar-debugsource-1.28-2.19.1
openSUSE 13.2:tar-lang-1.28-2.19.1
openSUSE 13.2:tar-tests-1.28-2.19.1
openSUSE 13.2:tar-tests-debuginfo-1.28-2.19.1
moderate
2.5
AV:N/AC:H/Au:N/C:N/I:P/A:N
Please install the update.
http://lists.opensuse.org/opensuse-updates/2016-11/msg00094.html
https://www.suse.com/security/cve/CVE-2016-6321.html
CVE-2016-6321
https://bugzilla.suse.com/1007188
SUSE Bug 1007188