MDKSA-2007:173
- Package name
- tar
- Date
- 2007-09-04
- Advisory ID
- MDKSA-2007:173
- Affected versions
- 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2007.1 x86_64
Problem description
Dmitry V. Levin discovered a path traversal flaw in how GNU tar
extracted archives. A malicious user could create a tar archive that
could write to arbitrary fiels that the user running tar has write
access to.
Updated packages have been patched to prevent these issues.
Updated packages
2007.0 x86_64
e4d6a38673a213ee0011624ecd6b5667 2007.0/x86_64/tar-1.15.91-1.2mdv2007.0.x86_64.rpm 65e7c9a6300a397c71cbfe1c1854e491 2007.0/SRPMS/tar-1.15.91-1.2mdv2007.0.src.rpm
2007.1 i586
003db92130c44646c89d127db26a4fd8 2007.1/i586/tar-1.16-3.1mdv2007.1.i586.rpm d929dd2ef2716987b8890542fb762693 2007.1/SRPMS/tar-1.16-3.1mdv2007.1.src.rpm
2007.0 i586
8f82a3a1e903928948584afac733c0be 2007.0/i586/tar-1.15.91-1.2mdv2007.0.i586.rpm 65e7c9a6300a397c71cbfe1c1854e491 2007.0/SRPMS/tar-1.15.91-1.2mdv2007.0.src.rpm
CS4.0 i586
ecc995d361f75e3618cb23e000f012cf corporate/4.0/i586/tar-1.15.1-5.3.20060mlcs4.i586.rpm 1831cb7c8437d7f68c6e53d3980a0049 corporate/4.0/SRPMS/tar-1.15.1-5.3.20060mlcs4.src.rpm
CS4.0 x86_64
61513a4da673ea8d5ffb4fe26f346488 corporate/4.0/x86_64/tar-1.15.1-5.3.20060mlcs4.x86_64.rpm 1831cb7c8437d7f68c6e53d3980a0049 corporate/4.0/SRPMS/tar-1.15.1-5.3.20060mlcs4.src.rpm
2007.1 x86_64
92323c0cb0bd466e2a35e6b02f01778b 2007.1/x86_64/tar-1.16-3.1mdv2007.1.x86_64.rpm d929dd2ef2716987b8890542fb762693 2007.1/SRPMS/tar-1.16-3.1mdv2007.1.src.rpm