Bug 35490 - CVE-2018-12015
Summary: CVE-2018-12015
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: perl-base (show other bugs)
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: viy
QA Contact: qa-sisyphus
URL: https://www.cvedetails.com/cve/CVE-20...
Keywords: security
Depends on:
Blocks:
 
Reported: 2018-10-08 19:42 MSK by Michael Shigorin
Modified: 2019-12-05 20:46 MSK (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Shigorin 2018-10-08 19:42:00 MSK
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. 

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
Comment 1 viy 2019-12-05 20:46:53 MSK
fixed in perl 5.28+