[USN-709-1] tar vulnerability
Date: Thu, 15 Jan 2009 15:55:53 -0600
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-709-1] tar vulnerability
Message-ID: <20090115215553.GE4202@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="uCPdOCrL+PnN2Vxy"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Scanned: antivirus-gw at tyumen.ru
--uCPdOCrL+PnN2Vxy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Ubuntu Security Notice USN-709-1 January 15, 2009
tar vulnerability
CVE-2007-4476
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
tar 1.15.1-2ubuntu2.3
Ubuntu 7.10:
tar 1.18-2ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Dmitry V. Levin discovered a buffer overflow in tar. If a user or automated
system were tricked into opening a specially crafted tar file, an attacker
could crash tar or possibly execute arbitrary code with the privileges of the
user invoking the program.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3.diff.gz
Size/MD5: 31101 bd2a94f0578416e4ad7ed5d8e0eaab15
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3.dsc
Size/MD5: 582 6395ad2276cbfb04535c8e9a760184c2
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz
Size/MD5: 2204322 d87021366fe6488e9dc398fcdcb6ed7d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_amd64.deb
Size/MD5: 532580 8bf4846b9b2108f42886784c794c01f6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_i386.deb
Size/MD5: 519940 3ddc9cb9cf77bf95d711eef4b3f7851c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_powerpc.deb
Size/MD5: 534426 0385fa88092124b117af7cd37bc2c588
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_sparc.deb
Size/MD5: 524246 8b1ad8790f52ca7282a76a96b6b134cc
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1.diff.gz
Size/MD5: 47111 588df897391765ca5523e6ab611ed32b
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1.dsc
Size/MD5: 679 bc6cbaab0f63ef2289c49344ed88d6df
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18.orig.tar.gz
Size/MD5: 2381295 c5fc59099be4419d18f59fe8a7946017
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_amd64.deb
Size/MD5: 384512 b9f347f8bb3f1209a2f2ba6b69a06eb6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_i386.deb
Size/MD5: 339818 611afdfeb25440e65e3d722947408f5c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/tar/tar_1.18-2ubuntu1.1_lpia.deb
Size/MD5: 339942 1c900b255c7fb9d2f8f7b69a0d737d26
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_powerpc.deb
Size/MD5: 359094 b790c9aa4e73dab09ca6892456970b71
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_sparc.deb
Size/MD5: 342586 02aa39721b80469a26062f4c86e93b08
--uCPdOCrL+PnN2Vxy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklvsOkACgkQW0JvuRdL8Br/OwCaA3fOIi7EXhcCzb5TEk+d2Qlt
LQMAni1Y1EwHvrCbqVKxRnkXjSzzTUy/
=Jcdj
-----END PGP SIGNATURE-----
--uCPdOCrL+PnN2Vxy--