Lucene search
GoogleOSV:DLA-564-1HistoryJul 27, 2016 - 12:00 a.m.
tardiff - security update
2016-07-2700:00:00
Google
osv.dev
5
0.005 Low
EPSS
Percentile
76.3%
Two vulnerabilities were found in tardiff:
- CVE-2015-0857
Arbitrary command execution was possible via shell metacharacters
in the name of a (1) tar file or (2) file within a tar file. - CVE-2015-0858
Local users could write to arbitrary files via a symlink attack on
a pathname in a /tmp/tardiff-$$ temporary directory.
For Debian 7 Wheezy, these problems have been fixed in version
0.1-1+deb7u1.
We recommend that you upgrade your tardiff packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
References
Related
debian
debian
[SECURITY] [DLA 564-1] tardiff security update
2016-07-27 22:05:10
[SECURITY] [DSA 3562-1] tardiff security update
2016-05-01 12:04:15
[SECURITY] [DSA 3562-1] tardiff security update
2016-05-01 12:04:15
osv
osv
tardiff - security update
2016-05-01 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-564-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3562-1)
2016-04-30 00:00:00
Debian Security Advisory DSA 3562-1 (tardiff - security update)
2016-05-01 00:00:00
nessus
nessus
Debian DSA-3562-1 : tardiff - security update
2016-05-03 00:00:00
Debian DLA-564-1 : tardiff security update
2016-07-28 00:00:00
prion
prion
Design/Logic Flaw
2016-05-06 17:59:00
Directory traversal
2016-05-06 17:59:00
nvd
nvd
CVE-2015-0858
2016-05-06 17:59:01
CVE-2015-0857
2016-05-06 17:59:00
cvelist
cvelist
CVE-2015-0858
2016-05-06 17:00:00
CVE-2015-0857
2016-05-06 17:00:00
ubuntucve
ubuntucve
CVE-2015-0857
2016-05-06 00:00:00
CVE-2015-0858
2016-05-06 00:00:00
debiancve
debiancve
CVE-2015-0857
2016-05-06 17:59:00
CVE-2015-0858
2016-05-06 17:59:01
cve
cve
CVE-2015-0857
2016-05-06 17:59:00
CVE-2015-0858
2016-05-06 17:59:01