tar security update

2006-12-20T03:41:54
ID CESA-2006:0749-01
Type centos
Reporter CentOS Project
Modified 2006-12-20T03:41:54

Description

CentOS Errata and Security Advisory CESA-2006:0749-01

The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.

Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that, when extracted, could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)

Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
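The following pre-extraction audit is an added example, not part of the advisory and not CentOS or GNU tar code. It uses Python's standard tarfile module to flag archive members that would write outside the extraction directory, covering the general class of tar path traversal rather than the specific mechanism behind CVE-2006-6097, which the advisory does not describe. The function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

def escapes_root(path: str) -> bool:
    """True if an archive-relative path resolves outside the extraction root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")

def audit_archive(fileobj) -> list:
    """Return (member name, reason) pairs for entries that should not be extracted."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for member in archive:
            if escapes_root(member.name):
                findings.append((member.name, "name escapes extraction root"))
            elif member.issym() or member.islnk():
                # Symlink targets resolve relative to the link's own directory;
                # hard link targets are relative to the archive root.
                base = posixpath.dirname(member.name) if member.issym() else ""
                if escapes_root(posixpath.join(base, member.linkname)):
                    findings.append((member.name, "link target escapes extraction root"))
            elif not (member.isfile() or member.isdir()):
                # Devices, FIFOs and other special entries are rejected outright.
                findings.append((member.name, "unexpected member type"))
    return findings

def build_sample() -> io.BytesIO:
    """Constructed sample: one benign file, one traversal name, one escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name in ("docs/readme.txt", "../outside.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../etc"
        archive.addfile(link)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason in audit_archive(build_sample()):
        print(f"REJECT {name}: {reason}")
```

Running the audit on untrusted archives before extraction complements the package upgrade; it does not replace it.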

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-December/025469.html

Affected packages: tar

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html