+++ This bug was initially created as a clone of Bug #181772 +++ Jim Meyering discovered and silently fixed a buffer overflow bug in GNU tar. It looks exploitable. There is a public mail message about it here: http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html My limited testing has shown this issue to only affect tar versions 1.14 and above. Upstream has asked we not announce this issue until they release an update. -- Additional comment from bressers on 2006-02-16 09:11 EST -- Created an attachment (id=124746) Patch extracted from upstream CVS -- Additional comment from bressers on 2006-02-16 09:13 EST -- Created an attachment (id=124747) Testcase generator from Jim
*** Bug 182404 has been marked as a duplicate of this bug. ***
remove embargo, fix at will
fixed in update id #114 tar-1.15.1-12.FC4 and devel too
BTW, when tar-1.15.1-12.FC4 will be released ;-) I can't find it in master server: % curl -s http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386/| perl -nle '/href="(tar-[^"]+)/ and print $1' tar-1.15.1-11.FC4.i386.rpm