Vulnerability CVE-2007-4559: Information
Description
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Severity: MEDIUM (6.8)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python3 | p10 | 3.9.18-alt1 | 3.9.18-alt1 | ALT-PU-2024-2511-3 | 340781 | Fixed |
python3 | p10_e2k | 3.9.18-alt1 | 3.9.18-alt1 | ALT-PU-2024-3765-1 | - | Fixed |
python3 | p9 | 3.7.17-alt2 | 3.7.17-alt2 | ALT-PU-2024-9093-2 | 350963 | Fixed |
python3 | c10f1 | 3.9.18-alt0.c10f1.1 | 3.9.18-alt0.c10f1.1 | ALT-PU-2024-6382-3 | 344932 | Fixed |
python3 | c9f2 | 3.7.17-alt2 | 3.7.17-alt2 | ALT-PU-2024-9345-2 | 351564 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
[python-dev] 20070824 tarfile and directory traversal vulnerability | |
[python-dev] 20070825 tarfile and directory traversal vulnerability | |
https://bugzilla.redhat.com/show_bug.cgi?id=263261 | |
26623 | |
ADV-2007-3022 | |
GLSA-202309-06 | |
FEDORA-2024-d1f1084584 | |
FEDORA-2024-ebb3c95344 | |
FEDORA-2024-46374d2703 | |