LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-2800 (tar)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 8 Update: tar-1.17-4.fc8


Date:
    	      Tue, 06 Nov 2007 09:05:51 -0700


Message-ID:
    	      <200711061605.lA6G5pK1004599@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2800
2007-11-06 16:05:46.210414
--------------------------------------------------------------------------------

Name        : tar
Product     : Fedora 8
Version     : 1.17
Release     : 4.fc8
URL         : http://www.gnu.org/software/tar/
Summary     : A GNU file archiving program
Description :
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. Tar
can also be used to add supplemental files to an archive and to update
or list files in the archive. Tar includes multivolume support,
automatic archive compression/decompression, the ability to perform
remote archives, and the ability to perform incremental and full
backups.

If you want to use tar for remote backups, you also need to install
the rmt package.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 24 2007 Radek Brich <rbrich@redhat.com> 2:1.17-4
- upstream patch for CVE-2007-4476
  (tar stack crashing in safer_name_suffix)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #280961 - CVE-2007-4476 tar stack crashing in safer_name_suffix
        https://bugzilla.redhat.com/show_bug.cgi?id=280961
  [ 2 ] CVE-2007-4476
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
--------------------------------------------------------------------------------
Updated packages:

9aa3db9f88424567eea01781c179b161f7a3ead0 tar-1.17-4.fc8.ppc64.rpm
9b027c40cdee9ba25102ff682956398cb94aace9 tar-debuginfo-1.17-4.fc8.ppc64.rpm
ee8f37d014a168a4e0446ab362801aa64e6e7175 tar-debuginfo-1.17-4.fc8.i386.rpm
bc7af5ac1e50c4fb5c9ad01268575e32cb63c569 tar-1.17-4.fc8.i386.rpm
63aafa7ff75aa7199be1f73959584cfff5992d2f tar-1.17-4.fc8.x86_64.rpm
2a21b51d787b0505441ee87eac3007c402757ad8 tar-debuginfo-1.17-4.fc8.x86_64.rpm
39bedd9860414c1869aa141819e7e87b7c0377c5 tar-1.17-4.fc8.ppc.rpm
04d638d90d0801b3c0f963a44d5f5cc0e8e57009 tar-debuginfo-1.17-4.fc8.ppc.rpm
8910e138a6c01fe2f7034bd7f8f63e4b9e635e5d tar-1.17-4.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update tar' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds