Oval Definition: oval:com.redhat.rhsa:def:20070860
Revision Date: 2007-08-23
Version: 635
Title: RHSA-2007:0860: tar security update (Moderate)
Description: The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.

  • A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131)

    Red Hat would like to thank Dmitry V. Levin for reporting this issue.

    Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2007-4131
    RHSA-2007:0860
    RHSA-2007:0860-02
    Platform(s): Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND tar is earlier than 0:1.14-12.5.1.RHEL4
  • AND tar is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND tar is earlier than 2:1.15.1-23.0.1.el5
  • AND tar is signed with Red Hat redhatrelease2 key