PublicDateAtUSN: 2021-12-24 00:00:00 UTC
Candidate: CVE-2021-23177
PublicDate: 2021-12-24 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23177
 https://ubuntu.com/security/notices/USN-5291-1
Description:
 extracting a symlink with ACLs modifies ACLs of target
Ubuntu-Description:
Notes:
 mdeslaur> intrusive backport to bionic
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001986
 https://github.com/libarchive/libarchive/issues/1565
Priority: low
Discovered-by:
Assigned-to:
CVSS:


Patches_libarchive:
 upstream: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
upstream_libarchive: released (3.5.2-1)
trusty/esm_libarchive: needs-triage
esm-infra/xenial_libarchive: needs-triage
trusty_libarchive: ignored (out of standard support)
xenial_libarchive: ignored (out of standard support)
bionic_libarchive: needed
focal_libarchive: released (3.4.0-2ubuntu1.1)
hirsute_libarchive: ignored (reached end-of-life)
impish_libarchive: released (3.4.3-2ubuntu0.1)
jammy_libarchive: not-affected (3.5.2-1)
devel_libarchive: not-affected (3.5.2-1)