tar -- input validation error

2006-12-01T00:00:00
ID DSA-1223
Type debian
Reporter Debian
Modified 2006-12-01T00:00:00

Description

Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.

For the stable distribution (sarge), this problem has been fixed in version 1.14-2.3.

For the unstable distribution (sid) and the forthcoming stable release (etch), this problem will be fixed in version 1.16-2.

We recommend that you upgrade your tar package.
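
As a pre-extraction check for the record type named in the description, the following added example (not part of the Debian advisory or of GNU tar) walks the 512-byte headers of a tar archive and reports every GNUTYPE_NAMES record, which GNU tar's tar.h defines as typeflag 'N', without extracting anything. The names find_names_records and build_sample, and the sample archive itself, are constructed for illustration.

```python
import io
import tarfile

BLOCK = 512
GNUTYPE_NAMES = b"N"       # typeflag of the obsolete GNU "names" record
NO_DATA_TYPES = b"123456"  # links, devices, directories, FIFOs carry no data blocks

def _size(field: bytes) -> int:
    """Decode the 12-byte size field (octal text, or GNU base-256 if high bit set)."""
    if field[0] & 0x80:
        return int.from_bytes(field[1:], "big")
    text = field.split(b"\0", 1)[0].strip()
    return int(text, 8) if text else 0

def find_names_records(data: bytes):
    """Return [(offset, member_name)] for every header with typeflag 'N'."""
    hits, pos = [], 0
    while pos + BLOCK <= len(data):
        header = data[pos:pos + BLOCK]
        if header.count(0) == BLOCK:        # all-zero block marks end of archive
            break
        typeflag = header[156:157]
        if typeflag == GNUTYPE_NAMES:
            name = header[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
            hits.append((pos, name))
        size = 0 if typeflag in NO_DATA_TYPES else _size(header[124:136])
        pos += BLOCK + -(-size // BLOCK) * BLOCK   # header plus padded data blocks
    return hits

def build_sample(with_names_record: bool) -> bytes:
    """Constructed test archive; the 'N' record body is inert filler."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        members = [("README", tarfile.REGTYPE, b"hello\n")]
        if with_names_record:
            members.append(("names-record", GNUTYPE_NAMES, b"filler\n"))
        members.append(("docs/notes.txt", tarfile.REGTYPE, b"x" * 700))
        for name, kind, body in members:
            info = tarfile.TarInfo(name)
            info.type, info.size = kind, len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, find_names_records(build_sample(flag)))
```

The function expects uncompressed archive bytes, so gzip or bzip2 streams must be decompressed before scanning.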