Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects
from Jan Matejek, who was at the time the Python package maintainer for SUSE. It can be exploited to potentially overwrite and hijack files on a victim's machine, when a vulnerable application opens a malicious tar archive via "../../../../../etc/passwd"

The tarfile directory traversal flaw was

But it had already been addressed, sort of. One day earlier, Lars Gustäbel, maintainer of the tarfile module, committed method that throws an error if a tar archive file path is insecure.

"There is no known or possible practical exploit. I [updated] the documentation with a warning that it might be dangerous to extract archives from untrusted sources. That is the only thing to be done IMO."

Warning: Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of ".."