Red Hat Bugzilla – Bug 181772
CVE-2006-0300 GNU tar heap overflow bug
Last modified: 2007-11-30 17:07:23 EST
Jim Meyering discovered and silently fixed a buffer overflow bug in GNU
tar. It looks exploitable. There is a public mail message about it here:
My limited testing has shown this issue to only affect tar versions 1.14
Upstream has asked we not announce this issue until they release an update.
Created attachment 124746
Patch extracted from upstream CVS
Created attachment 124747
Testcase generator from Jim
(In reply to comment #6)
> Peter, can you create an RHTS test for this issue?
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.