(RHSA-2006:0232) tar security update

2006-03-0100:00:00

access.redhat.com

EPSS

0.294

Percentile

96.9%

JSON

The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

Jim Meyering discovered a buffer overflow bug in the way GNU tar extracts
malformed archives. By tricking a user into extracting a malicious tar
archive, it is possible to execute arbitrary code as the user running tar.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2006-0300 to this issue.

Users of tar should upgrade to this updated package, which contains a
backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xtar< 1.14-9.RHEL4tar-1.14-9.RHEL4.s390x.rpm
RedHatanyia64tar< 1.14-9.RHEL4tar-1.14-9.RHEL4.ia64.rpm
RedHatanyi386tar< 1.14-9.RHEL4tar-1.14-9.RHEL4.i386.rpm
RedHatanyppctar< 1.14-9.RHEL4tar-1.14-9.RHEL4.ppc.rpm
RedHatanysrctar< 1.14-9.RHEL4tar-1.14-9.RHEL4.src.rpm
RedHatanys390tar< 1.14-9.RHEL4tar-1.14-9.RHEL4.s390.rpm
RedHatanyx86_64tar< 1.14-9.RHEL4tar-1.14-9.RHEL4.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390x	tar	< 1.14-9.RHEL4	tar-1.14-9.RHEL4.s390x.rpm
RedHat	any	ia64	tar	< 1.14-9.RHEL4	tar-1.14-9.RHEL4.ia64.rpm
RedHat	any	i386	tar	< 1.14-9.RHEL4	tar-1.14-9.RHEL4.i386.rpm
RedHat	any	ppc	tar	< 1.14-9.RHEL4	tar-1.14-9.RHEL4.ppc.rpm
RedHat	any	src	tar	< 1.14-9.RHEL4	tar-1.14-9.RHEL4.src.rpm
RedHat	any	s390	tar	< 1.14-9.RHEL4	tar-1.14-9.RHEL4.s390.rpm
RedHat	any	x86_64	tar	< 1.14-9.RHEL4	tar-1.14-9.RHEL4.x86_64.rpm