Ubuntu alert USN-3132-1 (tar)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-3132-1] tar vulnerability | |
| Date: | Mon, 21 Nov 2016 13:55:15 -0500 | |
| Message-ID: | <50ffdb13-554a-3d05-d4a0-64cc628ce650@canonical.com> |
========================================================================== Ubuntu Security Notice USN-3132-1 November 21, 2016 tar vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: tar could be made to overwrite files. Software Description: - tar: GNU version of the tar archiving utility Details: Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: tar 1.29b-1ubuntu0.1 Ubuntu 16.04 LTS: tar 1.28-2.1ubuntu0.1 Ubuntu 14.04 LTS: tar 1.27.1-1ubuntu0.1 Ubuntu 12.04 LTS: tar 1.26-4ubuntu1.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3132-1 CVE-2016-6321 Package Information: https://launchpad.net/ubuntu/+source/tar/1.29b-1ubuntu0.1 https://launchpad.net/ubuntu/+source/tar/1.28-2.1ubuntu0.1 https://launchpad.net/ubuntu/+source/tar/1.27.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/tar/1.26-4ubuntu1.1 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...