
Test ID: 1.3.6.1.4.1.25623.1.1.10.2016.0386
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0386)
Summary: The remote host is missing an update for the 'tar' package(s) announced via the MGASA-2016-0386 advisory.
Description:
Summary:
The remote host is missing an update for the 'tar' package(s) announced via the MGASA-2016-0386 advisory.

Vulnerability Insight:
Harry Sintonen discovered that GNU tar does not properly handle member
names containing '..', thus allowing an attacker to bypass the path names
specified on the command line and replace files and directories in the
target directory (CVE-2016-6321).

Affected Software/OS:
'tar' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-6321
20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
http://seclists.org/fulldisclosure/2016/Oct/96
20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update
http://seclists.org/fulldisclosure/2016/Oct/102
93937
http://www.securityfocus.com/bid/93937
DSA-3702
http://www.debian.org/security/2016/dsa-3702
GLSA-201611-19
https://security.gentoo.org/glsa/201611-19
USN-3132-1
http://www.ubuntu.com/usn/USN-3132-1
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
[bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321
http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Copyright: Copyright (C) 2022 Greenbone AG
