MGASA-2022-0103

Description

Updated nodejs-tar packages fix security vulnerability Untrusted tar file to symlink into an arbitrary location allowing file overwrites. (CVE-2021-37712) Arbitrary file creation/overwrite and arbitrary code execution. (CVE-2021-37701) Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. (CVE-2021-32803) Arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization (CVE-2021-32804)

Affected Systems

• mageia•nodejs-tar

  < 6.0.5-1.1.mga8

References (3)

• https://advisories.mageia.org/MGASA-2022-0103.html
• https://bugs.mageia.org/show_bug.cgi?id=29656
• https://www.debian.org/security/2021/dsa-5008