Comment 6 for bug 180299

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tar - 1.18-2ubuntu1.1

---------------
tar (1.18-2ubuntu1.1) gutsy-security; urgency=low

  * SECURITY UPDATE: stack-based buffer overflow with malicious tar files
    - lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as
      hash_string_insert_prefix and adjust safer_name_suffix to use
      hash_string_insert_prefix to avoid stack allocation
    - patch from upstream paxlib commits:
      http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
      http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
    - CVE-2007-4476
    - LP: #180299

 -- Jamie Strandboge <email address hidden> Wed, 14 Jan 2009 11:06:24 -0600