Safety vulnerability ID: 53007
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Reprozip 1.2 adds a defense against CVE-2007-4559, a directory traversal vulnerability in the extract and extractall functions of Python's tarfile module. Those functions write each member to the path stored in the archive without checking that it stays under the destination directory, so a TAR archive whose member names contain ".." (dot dot) sequences can overwrite arbitrary files when a user extracts an attacker-supplied archive (a related issue to CVE-2001-1267). This matters for reprozip because RPZ packages are TAR archives that the reprozip tools unpack.
Latest version: 1.3
Linux tool enabling reproducible experiments (packer)
----------------
Bugfixes:
* Don't mark symlinks as input files
* Fix reprounzip-vagrant not terminating after it says that it can't install packages
* Add defense for CVE-2007-4559
* Fix OrderedSet for Python 3.10+ compatibility
Enhancements:
* Recognize Ruby gems and apps and gather the whole environment
* Don't mark Python .pth files as input files
* Accept ZIP files in addition to TAR for RPZ files (reprozip doesn't currently create ZIP files)
* Handle more Linux system calls: faccessat2, statx, execveat, clone3, openat2, fchownat, fchmodat, accept4, renameat2
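The check that a tarfile-based unpacker needs against CVE-2007-4559, as an added example: this is not reprozip's code and not the defense shipped in 1.2, just a stand-alone illustration of the same idea. Every member is audited before anything is written: absolute names, names that normalise to a path outside the destination, device nodes, and symlinks or hardlinks whose target resolves outside the destination are all refused, and the archive is rejected as a whole so a hostile package cannot partially land. The function names (`audit_members`, `safe_extractall`, `build_archive`, `demo`) and the two sample archives are constructed for this example. Where the interpreter provides PEP 706 extraction filters (Python 3.12+, backported to 3.8.17, 3.9.17, 3.10.12 and 3.11.4), the stdlib `data` filter is passed as a second layer; on older interpreters the audit is the only protection, which is exactly the situation the CVE describes.

```python
import io
import os
import tarfile
import tempfile


def _inside(dest: str, path: str) -> bool:
    """Lexical containment: after normalising '.' and '..', does `path` still
    sit under `dest`?  Both arguments are absolute paths."""
    path = os.path.normpath(path)
    return path == dest or path.startswith(dest + os.sep)


def audit_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return [(member name, reason)] for every member that must not be
    extracted into `dest`.  An empty list means the archive is safe.
    The vulnerable pattern this guards is a bare `tar.extractall(dest)`,
    which writes '../evil.txt' into the parent of `dest`."""
    dest = os.path.normpath(os.path.abspath(dest))
    problems = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if os.path.isabs(m.name) or not _inside(dest, target):
            problems.append((m.name, "path escapes destination"))
        elif m.isdev():
            problems.append((m.name, "device node"))
        elif m.issym() or m.islnk():
            # A symlink target is relative to the link's own directory; a
            # hardlink target is relative to the archive root.
            base = os.path.dirname(target) if m.issym() else dest
            link = os.path.join(base, m.linkname)
            if os.path.isabs(m.linkname) or not _inside(dest, link):
                problems.append((m.name, f"link target {m.linkname!r} escapes destination"))
    return problems


def safe_extractall(tar: tarfile.TarFile, dest: str) -> list:
    """Audit every member first, then extract.  Raises before writing anything
    if any member is hostile, so a bad archive cannot partially land."""
    problems = audit_members(tar, dest)
    if problems:
        raise ValueError("refusing to extract: " + "; ".join(f"{n}: {r}" for n, r in problems))
    # Second layer on interpreters that have PEP 706 extraction filters.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(dest, **kwargs)
    return [m.name for m in tar.getmembers()]


def build_archive(members: dict) -> bytes:
    """Build an uncompressed tar in memory from {name: str content} or
    {name: ("symlink", target)}.  Only used to construct sample archives."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, spec in members.items():
            info = tarfile.TarInfo(name=name)
            if isinstance(spec, tuple):
                info.type = tarfile.SYMTYPE
                info.linkname = spec[1]
                tar.addfile(info)
            else:
                data = spec.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed samples: a benign payload, and one carrying the CVE-2007-4559
# traversal plus a symlink that points outside the extraction directory.
BENIGN = {"data/ok.txt": "fine"}
HOSTILE = {
    "data/ok.txt": "fine",
    "../evil.txt": "escaped",
    "data/link": ("symlink", "../../outside"),
}


def audit_bytes(archive: bytes, dest: str) -> list:
    """Audit an in-memory archive without touching the filesystem."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        return audit_members(tar, dest)


def extract_bytes(archive: bytes, dest: str) -> dict:
    """Run the hardened extractor on an in-memory archive and report the outcome."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        try:
            return {"extracted": safe_extractall(tar, dest), "rejected": None}
        except ValueError as exc:
            return {"extracted": [], "rejected": str(exc)}


def demo() -> dict:
    """Extract both samples into a fresh temp directory and confirm that the
    hostile archive wrote nothing outside it."""
    with tempfile.TemporaryDirectory() as dest:
        benign = extract_bytes(build_archive(BENIGN), dest)
        hostile = extract_bytes(build_archive(HOSTILE), dest)
        escaped = os.path.exists(os.path.join(os.path.dirname(dest), "evil.txt"))
    return {"benign": benign, "hostile": hostile, "escaped_file_written": escaped}


if __name__ == "__main__":
    print(demo())
```

The audit is deliberately lexical (normpath) rather than realpath-based: links are only admitted when their targets stay inside the destination, so a later member cannot route through an already-extracted symlink to escape, and the whole archive can be judged before the first byte is written. Running `python3 thisfile.py` extracts the benign archive and refuses the hostile one, naming both offending members.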