Oval Definition:oval:com.redhat.rhsa:def:20100141
Revision Date:2010-03-15Version:638
Title:RHSA-2010:0141: tar security update (Moderate)
Description:The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.

  • A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to crash or execute arbitrary code with the privileges of the user running tar. (CVE-2010-0624)

    Red Hat would like to thank Jakob Lell for responsibly reporting the CVE-2010-0624 issue.

  • A denial of service flaw was found in the way tar expanded archive files. If a user expanded a specially-crafted archive, it could cause the tar executable to crash. (CVE-2007-4476)

    Users of tar are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-4476
    CVE-2010-0624
    RHSA-2010:0141
    RHSA-2010:0141-01
    RHSA-2010:0141-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND tar is earlier than 0:1.14-13.el4_8.1
  • AND tar is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND tar is earlier than 2:1.15.1-23.0.1.el5_4.2
  • AND tar is signed with Red Hat redhatrelease2 key
    • BACK