Oval Definition:oval:com.redhat.rhsa:def:20070873
Revision Date:2007-09-04Version:635
Title:RHSA-2007:0873: star security update (Moderate)
Description:Star is a tar-like archiver. It saves multiple files into a single tape or disk archive, and can restore individual files from the archive. Star includes multi-volume support, automatic archive format detection and ACL support.

  • A path traversal flaw was discovered in the way star extracted archives. A malicious user could create a tar archive that would cause star to write to arbitrary files to which the user running star had write access. (CVE-2007-4134)

    Red Hat would like to thank Robert Buchholz for reporting this issue.

    As well, this update adds the command line argument "-.." to the Red Hat Enterprise Linux 3 version of star. This allows star to extract files containing "/../" in their pathname.

    Users of star should upgrade to this updated package, which contain backported patches to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-4134
    RHSA-2007:0873
    RHSA-2007:0873-02
    RHSA-2007:0873-02
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND star is earlier than 0:1.5a08-5
  • AND star is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND star is earlier than 0:1.5a25-8
  • AND star is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND star is earlier than 0:1.5a75-2
  • AND star is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND star is earlier than 0:1.5a08-5
  • AND star is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND star is earlier than 0:1.5a25-8
  • AND star is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND star is earlier than 0:1.5a75-2
  • AND star is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND star is earlier than 0:1.5a25-8
  • AND star is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND star is earlier than 0:1.5a75-2
  • AND star is signed with Red Hat redhatrelease2 key
    • BACK