REDHAT-BUG-2397901: High severity tar-fs vulnerability
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.4, and 1.16.6 are vulnerable to a symlink validation bypass: a specially crafted tarball can get past the checks tar-fs applies to symlink entries during extraction when the destination directory is predictable. This issue has been patched in versions 3.1.1, 2.1.4, and 1.16.6. As a workaround, pass an ignore option that skips every entry which is not a regular file or a directory.
Affected Software
Event History
Frequently Asked Questions
What is the severity of REDHAT-BUG-2397901?
REDHAT-BUG-2397901 is rated high severity: a crafted tarball can bypass tar-fs's symlink validation during extraction, and the only precondition beyond supplying that tarball is a predictable destination directory.
How do I fix REDHAT-BUG-2397901?
To fix REDHAT-BUG-2397901, update tar-fs to the patched release of the major line you use: 3.1.1 for 3.x, 2.1.4 for 2.x, or 1.16.6 for 1.x.
What are the vulnerable versions in REDHAT-BUG-2397901?
The vulnerable versions for REDHAT-BUG-2397901 are those prior to 3.1.1, 2.1.4, and 1.16.6 (that is, 3.x before 3.1.1, 2.x before 2.1.4, and anything before 1.16.6).
What type of vulnerability is REDHAT-BUG-2397901?
REDHAT-BUG-2397901 is a symlink validation bypass in tar-fs's extraction. It is exploitable when an attacker controls the tarball being extracted and can predict the destination directory.
Is there a workaround for REDHAT-BUG-2397901?
Yes. Until you can upgrade, pass tar-fs's ignore option with a callback that returns true for every entry that is not a regular file or a directory, so symlink and other non-file entries from the tarball are never written.
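The following is an added example, not code from the tar-fs project or from this advisory. It covers the two FAQ answers above: checking an installed tar-fs version against the patched releases 3.1.1, 2.1.4 and 1.16.6, and applying the workaround through tar-fs's ignore option. It assumes tar-fs's documented extract(dir, { ignore(name, header) }) signature, where the callback receives the destination path and the tar-stream header and a true return skips the entry, and it assumes tar-stream's header.type strings ('file', 'directory', 'symlink', 'link', ...). Treating 0.x as "prior to 1.16.6" and majors above 3 as newer than 3.1.1 is this example's reading of the advisory's ranges. The sample header listing is constructed, not taken from a real archive.

```javascript
'use strict';
// Added example, not tar-fs project code. Assumed from tar-fs's documented API:
// extract(dir, { ignore(name, header) }) calls back with the destination path
// and the tar-stream header, and skips the entry when the callback returns true.
// header.type values ('file', 'directory', 'symlink', 'link', ...) are
// tar-stream's.

// First patched release of each major line, per the advisory.
const PATCHED = { 1: [1, 16, 6], 2: [2, 1, 4], 3: [3, 1, 1] };

function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error('not a semver version: ' + version);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when `version` is "prior to" the patched release of its major line.
// 0.x predates 1.16.6 and so counts as vulnerable (assumption); majors above 3
// are not listed by the advisory and compare as newer than 3.1.1 (assumption).
function isVulnerableVersion(version) {
  const v = parseSemver(version);
  const floor = PATCHED[Math.min(3, Math.max(1, v[0]))];
  return compareVersions(v, floor) < 0;
}

// The advisory's workaround as a tar-fs `ignore` callback: keep plain files and
// directories, drop symlinks, hard links, devices, FIFOs and anything else.
function ignoreNonFilesAndDirs(name, header) {
  return header.type !== 'file' && header.type !== 'directory';
}

// Dry run of the callback over a header listing, to see what would be written
// before extracting an untrusted archive for real.
function planExtraction(headers) {
  const kept = [];
  const ignored = [];
  for (const header of headers) {
    (ignoreNonFilesAndDirs(header.name, header) ? ignored : kept).push(header.name);
  }
  return { kept, ignored };
}

// Wiring the callback into a real extraction. tar-fs and fs are required lazily
// so the functions above still run where the package is not installed.
function extractWithWorkaround(tarballPath, destinationDir) {
  const fs = require('fs');
  const tar = require('tar-fs');
  return new Promise((resolve, reject) => {
    fs.createReadStream(tarballPath)
      .on('error', reject)
      .pipe(tar.extract(destinationDir, { ignore: ignoreNonFilesAndDirs }))
      .on('finish', resolve)
      .on('error', reject);
  });
}

// Constructed sample listing (not a real archive): a directory, a file, a
// symlink entry, a file under the symlink's name, and a hard link.
const SAMPLE_HEADERS = [
  { name: 'pkg/', type: 'directory' },
  { name: 'pkg/README', type: 'file' },
  { name: 'pkg/escape', type: 'symlink', linkname: '../../outside' },
  { name: 'pkg/escape/payload', type: 'file' },
  { name: 'pkg/hard', type: 'link', linkname: 'pkg/README' },
];
```

With the filter in place the dry run keeps pkg/, pkg/README and pkg/escape/payload and drops the symlink and hard-link entries; since no link named pkg/escape is ever created, the later file is written under a plain directory of that name inside the destination. The version check is a stopgap for inventories; the actual fix remains upgrading to the patched release.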