-
tar (1.15.1-2ubuntu2.3) dapper-security; urgency=low
* SECURITY UPDATE: stack-based buffer overflow with malicious tar files
- src/names.c: updated src/names.c to rewrite hash_string_prefix as
hash_string_insert_prefix and adjust safer_name_suffix to use
hash_string_insert_prefix to avoid stack allocation
- patch from upstream paxlib commits:
http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
- CVE-2007-4476
- LP: #180299
* adjust tests/pipe.at pipe the output from `tar xfv' through sort and
regenerate tests/testsuite with autom4ke to get tests working again (how
did it ever successfully build before?)
-- Jamie Strandboge <email address hidden> Wed, 14 Jan 2009 09:10:49 -0600
-
tar (1.15.1-2ubuntu2.2) dapper-security; urgency=low
* SECURITY UPDATE: directory traversal with malicious tar files.
* src/names.c: adjust dot dot checking, patched inline.
* References
CVE-2007-4131
-- Kees Cook <email address hidden> Tue, 28 Aug 2007 09:45:12 -0700
-
tar (1.15.1-2ubuntu2.1) dapper-security; urgency=low
* SECURITY UPDATE: files can be overwritten/renamed in any writable location
in the filesystem via GNUTYPE_NAMES type.
* src/extract.c: disable GNUTYPE_NAMES type processing by default since it
allows for immediate symlink creation and renames.
* src/common.h, src/tar.c: add --allow-name-mangling option to restore
default behavior.
* References
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html
-- Kees Cook <email address hidden> Wed, 22 Nov 2006 20:21:52 -0800
-
tar (1.15.1-2ubuntu2) dapper; urgency=low
* Do not mess with directory permissions when extracting
without -p. Malone 19540.
-- Ian Jackson <email address hidden> Wed, 5 Apr 2006 17:25:15 +0100
-
tar (1.15.1-2ubuntu1) dapper; urgency=low
* SECURITY UPDATE: Arbitrary code execution with crafted tar files.
* src/xheader.c:
- Add a new function decode_num() which wraps xstrtoumax() and adds
boundary and sanity checking.
- Use decode_num() instead of xstrtoumax() in the code to avoid buffer
overflows on excessively large field values like GNU.sparse.numblocks.
- Patch taken from upstream CVS.
* CVE-2006-0300
-- Martin Pitt <email address hidden> Thu, 23 Feb 2006 11:07:05 +0100
-
tar (1.15.1-2) unstable; urgency=low
* patch from LaMont to fix gcc-4.0 error in the test suite,
closes: #308815, #310830
* patch for de.po from Jens Seidel, closes: #313900
* fix amanda upstream URL in the info pages, closes: #310158
* patch from NIIBE Yutaka to support cross builds, closes: #283723
-- Bdale Garbee <email address hidden> Tue, 14 Jun 2005 23:42:40 -0600