tar: symlink path traversal vulnerability

Package(s):

tar

CVE #(s):

CVE-2007-4131

Created:

August 23, 2007

Updated:

December 28, 2007

Description:

The tar utility has a symlink path traversal vulnerability involving extracted archives. Maliciously created tar archives can be used to write arbitrary data to files that the tar user has write access to.

Alerts:

Debian	DSA-1438-1	tar	2007-12-28
Gentoo	200709-09	tar	2007-09-15
Mandriva	MDKSA-2007:173	tar	2007-09-04
Fedora	FEDORA-2007-683	tar	2007-08-30
SuSE	SUSE-SR:2007:018	clamav, RealPlayer, pfstools, vim/gvim, tar/star, nfsidmap	2007-08-31
Fedora	FEDORA-2007-1890	tar	2007-08-29
Ubuntu	USN-506-1	tar	2007-08-28
rPath	rPSA-2007-0172-1	tar	2007-08-25
Foresight	FLEA-2007-0049-1	tar	2007-08-27
Red Hat	RHSA-2007:0860-01	tar	2007-08-23