Bug 181772 - CVE-2006-0300 GNU tar heap overlfow bug
CVE-2006-0300 GNU tar heap overlfow bug
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: tar (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Peter Vrabec
Ben Levenson
impact=moderate,source=redhat,reporte...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-16 09:11 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0232
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-01 09:58:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch extracted from upstream CVS (3.59 KB, patch)
2006-02-16 09:11 EST, Josh Bressers
no flags Details | Diff
Testcase generator from Jim (2.62 KB, text/plain)
2006-02-16 09:13 EST, Josh Bressers
no flags Details

  None (edit)
Description Josh Bressers 2006-02-16 09:11:47 EST
Jim Meyering discovered and silently fixed a buffer overflow bug in GNU
tar.  It looks exploitable.  There is a public mail message about it here:
http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html

My limited testing has shown this issue to only affect tar versions 1.14
and above.

Upstream has asked we not announce this issue until they release an update.
Comment 1 Josh Bressers 2006-02-16 09:11:47 EST
Created attachment 124746 [details]
Patch extracted from upstream CVS
Comment 2 Josh Bressers 2006-02-16 09:13:19 EST
Created attachment 124747 [details]
Testcase generator from Jim
Comment 9 Peter Vrabec 2006-02-24 05:44:03 EST
(In reply to comment #6)
> Peter, Can you create a RHTS test for this issue.

done.
Comment 11 Red Hat Bugzilla 2006-03-01 09:58:30 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0232.html

Note You need to log in before you can comment on or make changes to this bug.