lib32-elfutils: directory traversal

2015-03-02T00:00:00
ID ASA-201503-3
Type archlinux
Reporter Arch Linux
Modified 2015-03-02T00:00:00

Description

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.