stable

plexus-archiver-3.4-4.fc27

FEDORA-2018-6c55e1f79c created by mizdebsk 4 years ago for Fedora 27

Security fix: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200)

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vulnerable configurations.

Red Hat would like to thank Danny Grander (Snyk) for reporting this issue.

External References: https://snyk.io/research/zip-slip-vulnerability

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2018-6c55e1f79c

This update has been submitted for testing by mizdebsk.

4 years ago

This update has been pushed to testing.

4 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

4 years ago

This update has been submitted for stable by mizdebsk.

4 years ago

This update has been pushed to stable.

4 years ago

Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -2
Stable by Karma: 2
Stable by Time: disabled
Dates
submitted: 4 years ago
in testing: 4 years ago
in stable: 4 years ago
BZ#1584392 CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
BZ#1587818 CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-27]

Automated Test Results

ignored