Package name
tar
Date
2007-09-04
Advisory ID
MDKSA-2007:173
Affected versions
2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2007.1 x86_64

Problem description

Dmitry V. Levin discovered a path traversal flaw in how GNU tar
extracted archives. A malicious user could create a tar archive that
could write to arbitrary fiels that the user running tar has write
access to.

Updated packages have been patched to prevent these issues.

Updated packages

2007.0 x86_64

 e4d6a38673a213ee0011624ecd6b5667  2007.0/x86_64/tar-1.15.91-1.2mdv2007.0.x86_64.rpm 
 65e7c9a6300a397c71cbfe1c1854e491  2007.0/SRPMS/tar-1.15.91-1.2mdv2007.0.src.rpm

2007.1 i586

 003db92130c44646c89d127db26a4fd8  2007.1/i586/tar-1.16-3.1mdv2007.1.i586.rpm 
 d929dd2ef2716987b8890542fb762693  2007.1/SRPMS/tar-1.16-3.1mdv2007.1.src.rpm

2007.0 i586

 8f82a3a1e903928948584afac733c0be  2007.0/i586/tar-1.15.91-1.2mdv2007.0.i586.rpm 
 65e7c9a6300a397c71cbfe1c1854e491  2007.0/SRPMS/tar-1.15.91-1.2mdv2007.0.src.rpm

CS4.0 i586

 ecc995d361f75e3618cb23e000f012cf  corporate/4.0/i586/tar-1.15.1-5.3.20060mlcs4.i586.rpm 
 1831cb7c8437d7f68c6e53d3980a0049  corporate/4.0/SRPMS/tar-1.15.1-5.3.20060mlcs4.src.rpm

CS4.0 x86_64

 61513a4da673ea8d5ffb4fe26f346488  corporate/4.0/x86_64/tar-1.15.1-5.3.20060mlcs4.x86_64.rpm 
 1831cb7c8437d7f68c6e53d3980a0049  corporate/4.0/SRPMS/tar-1.15.1-5.3.20060mlcs4.src.rpm

2007.1 x86_64

 92323c0cb0bd466e2a35e6b02f01778b  2007.1/x86_64/tar-1.16-3.1mdv2007.1.x86_64.rpm 
 d929dd2ef2716987b8890542fb762693  2007.1/SRPMS/tar-1.16-3.1mdv2007.1.src.rpm

References