CVE-2018-12015

Priority
Description
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to
bypass a directory-traversal protection mechanism, and overwrite arbitrary
files, via an archive file containing a symlink and a regular file with the
same name.
Assigned-to
leosilva
Notes
Package
Source: perl (LP Ubuntu Debian)
Upstream:released (5.26.2-6)
Ubuntu 12.04 ESM (Precise Pangolin):released (5.14.2-6ubuntu2.8)
Ubuntu 14.04 ESM (Trusty Tahr):released (5.18.2-2ubuntu1.6)
Ubuntu 16.04 LTS (Xenial Xerus):released (5.22.1-9ubuntu0.5)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.26.1-6ubuntu0.1)
Patches:
Upstream:https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
More Information

Updated: 2020-09-10 05:49:15 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)