Security Information / 2018 / Security Information -- DSA-4226-1 perl

Debian Security Advisory

DSA-4226-1 perl -- security update

Date Reported:

12 Jun 2018

Affected Packages:

perl

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 900834.
In Mitre's CVE dictionary: CVE-2018-12015.

More information:

Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

For the oldstable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u11.

For the stable distribution (stretch), this problem has been fixed in version 5.24.1-3+deb9u4.

We recommend that you upgrade your perl packages.

For the detailed security status of perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl