mageia / Gentoo Foundation / MGASA-2013-0309
Oct 17, 2013 - 11:37 p.m.

Updated libtar packages fix security vulnerability

2013-10-17 23:37:42
Gentoo Foundation
advisories.mageia.org

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.034
Percentile: 91.5%

Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code (CVE-2013-4397).

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 2 | noarch | libtar | < 1.2.11-10.1 | libtar-1.2.11-10.1.mga2 |
| Mageia | 3 | noarch | libtar | < 1.2.18-2.1 | libtar-1.2.18-2.1.mga3 |
