CVE-2018-12015

Published: 07 June 2018

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
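
A pre-extraction check for the archive shape described above, as an added example that is not part of the original advisory or of the Archive::Tar code: it uses Python's tarfile module to flag any member name that occurs as a symlink and again as another entry. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile
from collections import defaultdict


def find_symlink_collisions(tar_bytes):
    """Return sorted names that occur as a symlink and as another entry."""
    kinds = defaultdict(list)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            # Normalise so "./a", "a/" and "a" are treated as one name.
            name = posixpath.normpath(member.name)
            kinds[name].append(member.issym())
    return sorted(n for n, k in kinds.items() if len(k) > 1 and any(k))


def constructed_archive(with_symlink):
    """Build a small sample archive in memory (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        if with_symlink:
            link = tarfile.TarInfo("notes.txt")
            link.type = tarfile.SYMTYPE
            link.linkname = "elsewhere/target.txt"  # placeholder target
            tar.addfile(link)
        data = b"hello\n"
        regular = tarfile.TarInfo("./notes.txt")
        regular.size = len(data)
        tar.addfile(regular, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, find_symlink_collisions(constructed_archive(flag)))
```

A non-empty result means the archive should be rejected or inspected before it is passed to any extractor.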

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: perl

Release: Status
Upstream: Released (5.26.2-6)
Ubuntu 18.04 LTS (Bionic Beaver): Released (5.26.1-6ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): Released (5.22.1-9ubuntu0.5)
Ubuntu 14.04 ESM (Trusty Tahr): Released (5.18.2-2ubuntu1.6)

Patches:
Upstream: https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5