Debian Security Advisory 5008-1

Debian Security Advisory 5008-1: Posted Nov 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5008-1 - It was discovered that the symlink extraction protections in node-tar, a Tar archives module for Node.js could by bypassed; allowing a malicious Tar archive to symlink into an arbitrary location.; tags | advisory, arbitrary; systems | linux, debian; advisories | CVE-2021-37701, CVE-2021-37712; SHA-256 | 915d1d41f05c7787a3911c04d0c5812980a9774de9b717719ea636a54be32acd; Download | Favorite | View

Debian Security Advisory 5008-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5008-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 11, 2021                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : node-tar
CVE ID         : CVE-2021-37701 CVE-2021-37712

It was discovered that the symlink extraction protections in node-tar,
a Tar archives module for Node.js could by bypassed; allowing a malicious
Tar archive to symlink into an arbitrary location.

For the stable distribution (bullseye), these problems have been fixed in
version 6.0.5+ds1+~cs11.3.9-1+deb11u2.

We recommend that you upgrade your node-tar packages.

For the detailed security status of node-tar please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-tar

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmGNjbgACgkQEMKTtsN8
TjZ7+g//Z7glvjpdAsgZyM/oh0GtXQajrwqc+U89amwgqJW9S8Ghe8qHtkVnDvjZ
iEtApRTXGK9hp8wKvLsBSvdUBHvEt6PtrvMre9Hd9cHbuMklkJCSi2pnsWyC9her
RmAQZff7V825JixBSCWX9IYkAUMCCnL9YZk5fdKkzhUt2aiDTLNPEdP2RbeerJBu
jwfdwr/b3/sv14QhLAsbNyfT+A/G5K+JXpfvQmbu7feqbLHZtBMoY8YS0n1wWoSO
uJ/a2/+0gy/ytcj4smPk0JgDHi5FtOpApZqS32i//Iep6NcWAvzaUkF+htOFr9qJ
PcJJ3FSQT7Zwf2nNHxDyIOaali9fmKSr1vfbMTxDGe2srOtb3KOsrgMHrSM1SrOP
/M8e74J547QTsUZnBlG5xZxlebM80AY7DLVj9SFMhzcxqg4m784jbJncMSp2Uo9/
KAx8Aect8aEEokedAjtoKwBYomGlAgCuAeW04hr+wY9BbrA5/cLlE2Ab+yOdZFuB
W74Ji/lvki4+jnlk8A3cG9CMcBsOe1gORfasIeh03up5dHCVVy57rc2HdW7bRiyx
sAD+kbhYJnh9tLetfUC1Dk5znESMtwqJLSfQNHcWUx0oOPaYwL0BdQOResQuSEQe
QJBZSav3l48EeXdGKeXUkwtnFOx3+mU0LbOjwRR07w08iDLASCs=
=Dc1h
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Debian Security Advisory 5008-1

Debian Security Advisory 5008-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5008-1

Share This

Debian Security Advisory 5008-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems