[Security-team] Fwd: [USN-257-1] tar vulnerability

Michael Shigorin mike at osdn.org.ua
Thu Feb 23 22:06:21 MSK 2006


	Hello.
Does this affect us (2.4/3.0)?  I see the fix in Sisyphus,
I see the mdk advisory, but the original CVE entry is closed:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300

----- Forwarded message from Martin Pitt <martin.pitt/canonical.com> -----

Date: Thu, 23 Feb 2006 15:08:58 +0100
From: Martin Pitt <martin.pitt/canonical.com>
To: ubuntu-security-announce/lists.ubuntu.com
Subject: [USN-257-1] tar vulnerability
Cc: full-disclosure/lists.grok.org.uk, bugtraq at securityfocus.com

===========================================================
Ubuntu Security Notice USN-257-1	  February 23, 2006
tar vulnerability
CVE-2006-0300
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

tar

The problem can be corrected by upgrading the affected package to
version 1.14-2ubuntu0.1 (for Ubuntu 5.04), or 1.15.1-2ubuntu0.1 (for
Ubuntu 5.10).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Jim Meyering discovered that tar did not properly verify the validity
of certain header fields in a GNU tar archive. By tricking a user
into processing a specially crafted tar archive, this could be
exploited to execute arbitrary code with the privileges of the user.

The tar version in Ubuntu 4.10 is not affected by this vulnerability.

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/