tar security update

ID CESA-2006:0232
Type centos
Reporter CentOS Project
Modified 2006-03-02T00:14:12


CentOS Errata and Security Advisory CESA-2006:0232

The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.

Jim Meyering discovered a buffer overflow bug in the way GNU tar extracts malformed archives. An attacker who tricks a user into extracting a malicious tar archive could execute arbitrary code as the user running tar. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-0300 to this issue.

Users of tar should upgrade to this updated package, which contains a backported patch to correct this issue.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2006-March/024728.html
http://lists.centos.org/pipermail/centos-announce/2006-March/024729.html
http://lists.centos.org/pipermail/centos-announce/2006-March/024730.html
http://lists.centos.org/pipermail/centos-announce/2006-March/024731.html
http://lists.centos.org/pipermail/centos-announce/2006-March/024732.html

Affected packages: tar

Upstream details at: https://rhn.redhat.com/errata/RHSA-2006-0232.html