Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2018-12015

Published: 7 June 2018

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian
artful
Released (5.26.0-8ubuntu1.2)
bionic
Released (5.26.1-6ubuntu0.1)
precise
Released (5.14.2-6ubuntu2.8)
trusty
Released (5.18.2-2ubuntu1.6)
upstream
Released (5.26.2-6)
xenial
Released (5.22.1-9ubuntu0.5)
Patches:
upstream: https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5