The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.
Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access.
(CVE-2006-6097)
Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390x | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.s390x.rpm |
RedHat | any | s390 | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.s390.rpm |
RedHat | any | ia64 | tar | < 1.13.25-6.AS21.1 | tar-1.13.25-6.AS21.1.ia64.rpm |
RedHat | any | i386 | tar | < 1.13.25-6.AS21.1 | tar-1.13.25-6.AS21.1.i386.rpm |
RedHat | any | ppc | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.ppc.rpm |
RedHat | any | ia64 | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.ia64.rpm |
RedHat | any | i386 | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.i386.rpm |
RedHat | any | ppc | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.ppc.rpm |
RedHat | any | x86_64 | tar | < 1.13.25-15.RHEL3 | tar-1.13.25-15.RHEL3.x86_64.rpm |
RedHat | any | i386 | tar | < 1.14-12.RHEL4 | tar-1.14-12.RHEL4.i386.rpm |