From feb0daf81d888e9160f9f94502de09b66f2a63fd Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 21 Jun 2020 17:50:24 +0100 Subject: gentoo resync : 21.06.2020 --- metadata/glsa/glsa-202006-14.xml | 52 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 metadata/glsa/glsa-202006-14.xml (limited to 'metadata/glsa/glsa-202006-14.xml') diff --git a/metadata/glsa/glsa-202006-14.xml b/metadata/glsa/glsa-202006-14.xml new file mode 100644 index 000000000000..46fb4e114549 --- /dev/null +++ b/metadata/glsa/glsa-202006-14.xml @@ -0,0 +1,52 @@ + + + + PEAR Archive_Tar: Remote code execution vulnerability + A buffer overflow in the PEAR module Archive_Tar might allow local + or remote attacker(s) to execute arbitrary code. + + archive_tar + 2020-06-15 + 2020-06-15 + 675576 + local, remote + + + 1.4.5 + 1.4.5 + + + +

This class provides handling of tar files in PHP.

+
+ +

An issue was discovered in the PEAR module Archive_Tar’s handling of + file paths within Tar achives. +

+
+ +

A local or remote attacker could possibly execute arbitrary code with + the privileges of the process. +

+
+ +

Avoid handling untrusted Tar files with this package until you have + upgraded to a non-vulnerable version. +

+
+ +

All PEAR-Archive_Tar users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Archive_Tar-1.4.5" + +
+ + + CVE-2018-1000888 + + + BlueKnight + sam_c +
-- cgit v1.2.3
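Review bot: the synopsis and the description in glsa-202006-14.xml name different causes. The synopsis says "A buffer overflow in the PEAR module Archive_Tar", while the description attributes the issue to "handling of file paths within Tar achives", and the background describes the package as a PHP class for handling tar files. Suggest rewording the synopsis to match the description (file path handling in tar archives) so the advisory states one cause that readers can check against CVE-2018-1000888. In the same description line, "achives" should read "archives". The impact text says "could possibly execute arbitrary code" without saying what triggers it; the workaround implies the trigger is processing an untrusted tar file, and stating that in the impact section would make the "local, remote" access value easier to interpret.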