GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Jun 15, 2020 5:26 pm Post subject: [ GLSA 202006-14 ] PEAR Archive_Tar
Gentoo Linux Security Advisory
Title: PEAR Archive_Tar: Remote code execution vulnerability (GLSA 202006-14)
Severity: normal
Exploitable: local, remote
Date: 2020-06-15
Bug(s): #675576
ID: 202006-14
Synopsis
A buffer overflow in the PEAR module Archive_Tar might allow local
or remote attacker(s) to execute arbitrary code.
Background
This class provides handling of tar files in PHP.
Affected Packages
Package: dev-php/PEAR-Archive_Tar
Vulnerable: < 1.4.5
Unaffected: >= 1.4.5
Architectures: All supported architectures
Description
An issue was discovered in the PEAR module Archive_Tar’s handling of
file paths within Tar archives.
Impact
A local or remote attacker could possibly execute arbitrary code with
the privileges of the process.
Workaround
Avoid handling untrusted Tar files with this package until you have
upgraded to a non-vulnerable version.
Resolution
All PEAR-Archive_Tar users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/PEAR-Archive_Tar-1.4.5"
References
CVE-2018-1000888
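
An added example, not part of the advisory or of Archive_Tar: one way to apply the workaround is to screen an untrusted archive's member paths with a tool other than the affected package before any PHP code touches it. The three rejection rules, the function names and the sample member names are assumptions; the advisory does not state which paths trigger the issue.

```python
import io
import re
import tarfile
from pathlib import PurePosixPath

# Assumed screening rules (not taken from the advisory): reject member names
# that are absolute, climb out with "..", or start with a URL-style scheme.
SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")

def suspicious_members(fileobj):
    """Return [(path, reason)] for entries that fail the rules above."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:  # reads headers only, extracts nothing
            names = [member.name]
            if member.issym() or member.islnk():
                names.append(member.linkname)  # link targets are paths too
            for name in names:
                if SCHEME.match(name):
                    findings.append((name, "scheme prefix"))
                elif name.startswith("/"):
                    findings.append((name, "absolute path"))
                elif ".." in PurePosixPath(name).parts:
                    findings.append((name, "parent traversal"))
    return findings

def build_sample(names):
    """Constructed test input: an in-memory tar with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed member names, one clean and three that should be rejected.
    sample = build_sample(["docs/readme.txt", "../outside.txt",
                           "/etc/example.conf", "wrapper://tmp/example"])
    for name, reason in suspicious_members(sample):
        print(f"REJECT {name!r}: {reason}")
```

An archive with any finding should be quarantined rather than passed on; screening does not replace the upgrade to >= 1.4.5.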