[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4214-1] node-tar-fs security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4214-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 11, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-tar-fs
Version        : 2.1.3-0+deb11u1
CVE ID         : CVE-2024-12905 CVE-2025-48387
Debian Bug     : 1101501

Path traversal has been fixed in node-tar-fs, a Node.js module that 
provides filesystem-like access to tar files.

CVE-2024-12905

    symlink path traversal

CVE-2025-48387

    hardlink path traversal

For Debian 11 bullseye, these problems have been fixed in version
2.1.3-0+deb11u1.

We recommend that you upgrade your node-tar-fs packages.

For the detailed security status of node-tar-fs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-tar-fs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmhJ7ckACgkQiNJCh6LY
mLHBew//diGXAfDXbuVlwkY8Nq1JrSVZjOaQo+zA9I11AIIgrP4TMRW7EWcV9jlu
ql5tmf26dWLNf0YLwSCck7tzFlvzuZZCnH2LCr5IK3PaYImTPzG3WBPt/xJH7avV
2Ht/2gQTg+THk6x+d42okH2o1ycE/YjgnTc9X9ge8quSWYb0XjuRKpCrOQ/QE+7q
64BLX0snpD+R1nJg9+lSCBX/55sl1RNGWqpDflkGa78c/ErvMzmZ/Fin+310oaCi
ZgjBgoeBueSLMA6WkydLeEE8RAfshUJKvgtmSqp0bzLbH8fv+fKU9vskKVKLNraX
74FVx+6rQwsWzn6uuoWwsaAIDCmMQx2IW7dLNd7A0le+UV28FkL4iPb+M1C6oGMk
rQigoQCxYn0tXnAKiHxI1ad8vo0YbSMMqCmjuylp4bvA5YFvlO3jCsMowZoXemqh
0bEkovRYlVT6c5jCYrWUxcvDTWLFTmTjk62ydASFqJMM7ZPoBTO2b6OFwGeTEM8k
mo6Qvh87I/xb15HR9NPlf2FPiAF04XuxIxtHXuY3if9O+swlg7wOQhmQhIhrp8xb
BhNGXFFJ/zbzK20JWSO5/RLICNw+aGOeqiIPJLn/3BN92hO/KQMQOcjRbGWVFPMV
4Q7qeI90rJc8eaq+4zoO8l01Ml2pLl85B/o3VdkIZL8fzH5FVbo=
=/Af3
-----END PGP SIGNATURE-----


Reply to: