mirror of
https://github.com/restic/restic.git
synced 2025-08-12 18:57:39 +00:00
Update changelog/ for new version of calens
We've reworked calens[1] a bit; the changelog/releases file is not needed any more. Instead, the release date is stored in the dir name which contains the changelog entries. [1] https://github.com/restic/calens
changelog/0.8.0_2017-11-26/issue-1445 (normal file, 18 lines added)
@@ -0,0 +1,18 @@
Security: Prevent writing outside the target directory during restore
A vulnerability was found in the restic restorer, which allowed attackers in
special circumstances to restore files to a location outside of the target
directory. Due to the circumstances we estimate this to be a low-risk
vulnerability, but urge all users to upgrade to the latest version of restic.
Exploiting the vulnerability requires a Linux/Unix system which saves backups
via restic and a Windows systems which restores files from the repo. In
addition, the attackers need to be able to create create files with arbitrary
names which are then saved to the restic repo. For example, by creating a file
named "..\test.txt" (which is a perfectly legal filename on Linux) and
restoring a snapshot containing this file on Windows, it would be written to
the parent of the target directory.
We'd like to thank Tyler Spivey for reporting this responsibly!
https://github.com/restic/restic/pull/1445
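Review bot: Two typos in the relocated changelog text are worth fixing while the entry is being moved into changelog/0.8.0_2017-11-26/issue-1445: "the attackers need to be able to create create files with arbitrary names" repeats "create", and "a Windows systems which restores files from the repo" should read "a Windows system which restores files from the repo". Since this is the text that calens will render into the published changelog for the security fix, it is cheaper to correct it in this commit than after the release notes are generated.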