The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

A heap-based buffer overflow flaw was found in the way tar expanded archive
files. If a user were tricked into expanding a specially-crafted archive,
it could cause the tar executable to crash or execute arbitrary code with
the privileges of the user running tar. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting the
CVE-2010-0624 issue.

A denial of service flaw was found in the way tar expanded archive files.
If a user expanded a specially-crafted archive, it could cause the tar
executable to crash. (CVE-2007-4476)

Users of tar are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | s390x | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.s390x.rpm |
RedHat | 5 | x86_64 | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.x86_64.rpm |
RedHat | 5 | ppc | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.ppc.rpm |
RedHat | 4 | x86_64 | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.x86_64.rpm |
RedHat | 5 | src | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.src.rpm |
RedHat | 4 | ppc | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.ppc.rpm |
RedHat | 4 | i386 | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.i386.rpm |
RedHat | 5 | i386 | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.i386.rpm |
RedHat | 5 | ia64 | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.ia64.rpm |
RedHat | 4 | ia64 | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.ia64.rpm |
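
The following added example (not part of the advisory or any Red Hat tooling) checks installed tar builds against the fixed version-release values in the table above, using an RPM-style segment comparison. The host names and installed versions in `INVENTORY` are constructed, and the comparison assumes both sides have the same epoch and contain no `~` or `^` markers.

```python
import re

# Fixed version-release per RHEL major version, copied from the advisory table.
FIXED = {"4": "1.14-13.el4_8.1", "5": "1.15.1-23.0.1.el5_4.2"}

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of RPM's classic rpmvercmp."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # separators such as . and _ are ignored
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(rhel_major, installed_vr):
    """True when the installed tar build is older than the fixed build."""
    return compare_vr(installed_vr, FIXED[rhel_major]) < 0

# Constructed inventory: (host, RHEL major version, installed tar version-release).
INVENTORY = [
    ("build01", "4", "1.14-12.RHEL4"),
    ("web01", "5", "1.15.1-23.0.1.el5"),
    ("web02", "5", "1.15.1-23.0.1.el5_4.2"),
    ("db01", "4", "1.14-13.el4_8.1"),
]

def audit(inventory):
    """Return the hosts whose tar package predates the fix."""
    return [host for host, major, vr in inventory if needs_update(major, vr)]

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(host, "needs the updated tar package")
```

The installed value for a host can be collected with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' tar`.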