CentOS Errata and Security Advisory CESA-2013:1418
The libtar package contains a C library for manipulating tar archives. The
library supports both the strict POSIX tar format and many of the commonly
used GNU extensions.
Two heap-based buffer overflow flaws were found in the way libtar handled
certain archives. If a user were tricked into expanding a specially-crafted
archive, it could cause the libtar executable or an application using
libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397)
Note: This issue only affected 32-bit builds of libtar.
Red Hat would like to thank Timo Warns for reporting this issue.
All libtar users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-October/082131.html
Affected packages:
libtar
libtar-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1418
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | libtar | < 1.2.11-17.el6_4.1 | libtar-1.2.11-17.el6_4.1.i686.rpm |
CentOS | 6 | i686 | libtar-devel | < 1.2.11-17.el6_4.1 | libtar-devel-1.2.11-17.el6_4.1.i686.rpm |
CentOS | 6 | x86_64 | libtar | < 1.2.11-17.el6_4.1 | libtar-1.2.11-17.el6_4.1.x86_64.rpm |
CentOS | 6 | x86_64 | libtar-devel | < 1.2.11-17.el6_4.1 | libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm |
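The table says a package is affected when its installed version sorts below 1.2.11-17.el6_4.1, which is an RPM comparison, not a plain string comparison. The following script, added here as an example and not part of the CentOS or Red Hat bulletin, takes `rpm -qa`-style NEVRA lines and reports which libtar packages on the host are still below the fixed version. It assumes the fixed version and package names exactly as listed above, uses a simplified reimplementation of rpm's version ordering (no tilde or caret handling, which this advisory does not need), and the package list it runs over is constructed sample input.

```python
import re
from typing import List, Optional, Tuple

# Values taken from CESA-2013:1418: anything older than this EVR is affected.
FIXED_VERSION = "1.2.11"
FIXED_RELEASE = "17.el6_4.1"
AFFECTED_PACKAGES = {"libtar", "libtar-devel"}

# Constructed sample of `rpm -qa` output; only the first line is below the fix.
SAMPLE_RPM_QA = """\
libtar-1.2.11-17.el6.i686
libtar-devel-1.2.11-17.el6_4.1.i686
libtar-1.2.11-17.el6_4.1.x86_64
zlib-1.2.3-29.el6.x86_64
"""


def _segments(s: str) -> List[str]:
    # rpm splits version strings into runs of digits and runs of letters;
    # separators such as '.' and '_' only delimit and are otherwise ignored.
    return re.findall(r"\d+|[a-zA-Z]+", s)


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: returns -1 if a < b, 0 if equal, 1 if a > b.
    Numeric segments compare numerically, alphabetic ones lexically, and a
    numeric segment always ranks newer than an alphabetic one."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    # All shared segments tie: the string with segments left over is newer.
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def evr_below_fix(version: str, release: str) -> bool:
    """True when version-release sorts below the advisory's fixed build."""
    c = rpmvercmp(version, FIXED_VERSION)
    if c == 0:
        c = rpmvercmp(release, FIXED_RELEASE)
    return c < 0


# name-version-release.arch; name may itself contain '-', version/release may not.
NEVRA_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nevra(line: str) -> Optional[Tuple[str, str, str, str]]:
    m = NEVRA_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("version"), m.group("release"), m.group("arch")


def vulnerable_packages(rpm_qa_lines: List[str]) -> List[str]:
    """Return the NEVRA strings of installed affected packages still below the fix.
    The advisory note says the flaw only affects 32-bit builds, but the table
    lists both i686 and x86_64 packages, so both architectures are reported."""
    found = []
    for line in rpm_qa_lines:
        parsed = parse_nevra(line)
        if parsed is None:
            continue
        name, version, release, _arch = parsed
        if name in AFFECTED_PACKAGES and evr_below_fix(version, release):
            found.append(line.strip())
    return found


if __name__ == "__main__":
    for pkg in vulnerable_packages(SAMPLE_RPM_QA.splitlines()):
        print("below CESA-2013:1418 fix:", pkg)
```

On a real host, pipe `rpm -qa` into `vulnerable_packages` instead of the sample; an empty result means every installed libtar package is at or above the advisory's fixed build.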