[Security-team] Fwd: [USN-257-1] tar vulnerability
Michael Shigorin
mike at osdn.org.ua
Thu Feb 23 22:06:21 MSK 2006
Hello.
Does this affect us (2.4/3.0)? I see the fix in Sisyphus,
I see the mdk advisory, but the original CVE entry is closed:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
----- Forwarded message from Martin Pitt <martin.pitt/canonical.com> -----
Date: Thu, 23 Feb 2006 15:08:58 +0100
From: Martin Pitt <martin.pitt/canonical.com>
To: ubuntu-security-announce/lists.ubuntu.com
Subject: [USN-257-1] tar vulnerability
Cc: full-disclosure/lists.grok.org.uk, bugtraq at securityfocus.com
===========================================================
Ubuntu Security Notice USN-257-1 February 23, 2006
tar vulnerability
CVE-2006-0300
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
tar
The problem can be corrected by upgrading the affected package to
version 1.14-2ubuntu0.1 (for Ubuntu 5.04), or 1.15.1-2ubuntu0.1 (for
Ubuntu 5.10). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Details follow:
Jim Meyering discovered that tar did not properly verify the validity
of certain header fields in a GNU tar archive. By tricking a user
into processing a specially crafted tar archive, this could be
exploited to execute arbitrary code with the privileges of the user.
The tar version in Ubuntu 4.10 is not affected by this vulnerability.
----- End forwarded message -----
--
---- WBR, Michael Shigorin <mike at altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/