| |||||||||||||||||||
Fedora alert FEDORA-2010-4309 (tar)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-4309 2010-03-12 03:08:26 -------------------------------------------------------------------------------- Name : tar Product : Fedora 12 Version : 1.22 Release : 12.fc12 URL : http://www.gnu.org/software/tar/ Summary : A GNU file archiving program Description : The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/decompression, the ability to perform remote archives, and the ability to perform incremental and full backups. If you want to use tar for remote backups, you also need to install the rmt package. -------------------------------------------------------------------------------- Update Information: - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive (#572149) - realloc within check_exclusion_tags() caused invalid write (#570591) - not closing file descriptors for excluded files/dirs with exlude-tag... options could cause descriptor exhaustion (#570591) - do not fail with POSIX 2008 glibc futimens() (#552320) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 10 2010 Ondrej Vasik <ovasik@redhat.com> 2:1.22-12 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive (#572149) - realloc within check_exclusion_tags() caused invalid write (#570591) - not closing file descriptors for excluded files/dirs with exlude-tag... options could cause descriptor exhaustion (#570591) - do not fail with POSIX 2008 glibc futimens() (#552320) * Tue Dec 8 2009 Ondrej Vasik <ovasik@redhat.com> 2:1.22-11 - fix segfault with corrupted metadata in code_ns_fraction (#531441) - commented patches and sources * Fri Nov 27 2009 Ondrej Vasik <ovasik@redhat.com> 2:1.22-10 - store xattrs for symlinks (#525992) - by Kamil Dudka - update tar(1) manpage (#539787) - fix memory leak in xheader (#518079) * Wed Nov 18 2009 Kamil Dudka <kdudka@redhat.com> 2:1.22-9 - store SELinux context for symlinks (#525992) -------------------------------------------------------------------------------- References: [ 1 ] Bug #564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive https://bugzilla.redhat.com/show_bug.cgi?id=564368 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update tar' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||