Debian Security Advisory 3562-1

Debian Security Advisory 3562-1: Posted May 2, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3562-1 - Several vulnerabilities were discovered in tardiff, a tarball comparison tool.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2015-0857, CVE-2015-0858; SHA-256 | 306fe98ee2aa902b2d646bdb1b17d3da65dad3d3946ef5bf60eb09601f001e6b; Download | Favorite | View

Debian Security Advisory 3562-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3562-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 01, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tardiff
CVE ID         : CVE-2015-0857 CVE-2015-0858

Several vulnerabilities were discovered in tardiff, a tarball comparison
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2015-0857

    Rainer Mueller and Florian Weimer discovered that tardiff is prone
    to shell command injections via shell meta-characters in filenames
    in tar files or via shell meta-characters in the tar filename
    itself.

CVE-2015-0858

    Florian Weimer discovered that tardiff uses predictable temporary
    directories for unpacking tarballs. A malicious user can use this
    flaw to overwrite files with permissions of the user running the
    tardiff command line tool.

For the stable distribution (jessie), these problems have been fixed in
version 0.1-2+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 0.1-5 and partially in earlier versions.

We recommend that you upgrade your tardiff packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXJfAgAAoJEAVMuPMTQ89EV+QP/R8LbIJAyYPHzBYA0XOSHb/l
JDmX1JCR32xv3ucV0xqoSR3BoU4DA3DpZKgDF4/zMBq88F2vTUXkI1xbk24puwjr
l7926AdWSVbhti5FOnh+btuaKVuanpYcGv/Sr0BNt4gbYKYdNSt4NYl0M5XnPYUT
MZfpoVbeMm5LILJG1IWdZzJNmeUsTtRotDbadQpkraR7/ahyNTwdae6OQXw4+6wC
4U11PQc7/GleEAziCPK9Pl3WG/jPc1SbhLE8xDCHAPvZZXRMFSUJqk1VuwE5K2Zg
sOMt1Y+CeCg8HoELgIh8lKlBQgYe79alNXWl44eRm6w+u7SsPVWhdKuTdXYQT0+N
hE5uAxzvo9mAxPwS39lC/yMKrJR73An8XWriioqeiybs/304Cz10m3x/p1wHquPx
ED34jK/fTZY3w81tkG6uE0fZkgqgfAY1KsgjylSfgLzXMDl22hO7jPsOkeYObZWC
qSKkt6OIUM01FC5M1EIqGZk5+MSizF2JEJ+vLdKsSLKdlT+PewdlhS0pyWogWGfi
TAWU6fVyhYuTAhdgxd33Vq842e/Y93nK6WsQXfYMom0F/TKsmx1GXTkEBQ5PRifj
b70+PCO0tmiJchB6If5xCobmYqcWrBjaejiZsngf4Ucdj0cj5E0BxxLd4huM31Bu
4nFnFc7wK6iE8uCjUMZW
=NDef
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 3562-1

Debian Security Advisory 3562-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3562-1

Share This

Debian Security Advisory 3562-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems