Sunday, October 30, 2016

[FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update

Update on the advisory: As pointed out by several people, the ERROR macro didn't fail the operation in a desired way: files were still being created by tar. In order to really stop tar from doing silly things, the FATAL_ERROR macro needs to be used instead. The patch has now been updated accordingly.

Updated Advisory: http://ift.tt/2dLHRWy

Updated Patch: http://ift.tt/2eQjvsh

NOTE: Ideas on how to make tar safely skip such entries instead of failing the whole operation are welcome.
