RedHatRHSA-2006:0749(RHSA-2006:0749) Moderate: tar security update
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
0.013 Low
EPSS
Percentile
84.2%
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.
Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access.
(CVE-2006-6097)
Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | s390x | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.s390x.rpm |
| RedHat | any | s390 | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.s390.rpm |
| RedHat | any | ia64 | tar | < 1.13.25-6.AS21.1 | tar-1.13.25-6.AS21.1.ia64.rpm |
| RedHat | any | i386 | tar | < 1.13.25-6.AS21.1 | tar-1.13.25-6.AS21.1.i386.rpm |
| RedHat | any | ppc | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.ppc.rpm |
| RedHat | any | ia64 | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.ia64.rpm |
| RedHat | any | i386 | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.i386.rpm |
| RedHat | any | ppc | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.ppc.rpm |
| RedHat | any | x86_64 | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.x86_64.rpm |
| RedHat | any | i386 | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.i386.rpm |
Related
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
0.013 Low
EPSS
Percentile
84.2%