[arch-security] [ASA-201702-14] diffoscope: arbitrary file overwrite
anthraxx at archlinux.org
Fri Feb 17 13:14:12 UTC 2017
Arch Linux Security Advisory ASA-201702-14
Date : 2017-02-17
CVE-ID : CVE-2017-0359
Package : diffoscope
Type : arbitrary file overwrite
Remote : No
Link : https://security.archlinux.org/AVG-175
The package diffoscope before version 77-1 is vulnerable to arbitrary
Upgrade to 77-1.
# pacman -Syu "diffoscope>=77-1"
The problem has been fixed upstream in version 77.
It has been discovered that diffoscope may write to arbitrary locations
on disk depending on the contents of an untrusted archive.
An attacker is able to create a specially crafted archive that, when
processed, overwrites arbitrary files on disk.