Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4476 to the following vulnerability: Bug in the safer_name_suffix function in GNU tar may lead to a "crashing stack". It can be used to crash tar while extracting archive containing file with long name containing unsafe prefix. Affected function is also part of cpio source code. References: http://www.novell.com/linux/security/advisories/2007_18_sr.html http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html
Upstream patch for paxutils / paxlib (used by recent versions of tar and cpio): http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4
Created attachment 236281 [details] patch for cpio-2.6 this patch should work for all affected software as the rest of patch from comment #1 are just optimizations for memory usage (one malloc less)
Fedora builds of fixed tar are now complete (with the patch from upstream): tar-1.15.1-27.fc6 tar-1.15.1-28.fc7 tar-1.17-4.fc8 tar-1.17-4.fc9
tar-1.15.1-28.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 245931 [details] new patch for cpio-2.6 (this one frees malloc'd memory)
fixed Fedora builds of cpio: cpio-2.6-22.fc6 cpio-2.6-28.fc7 cpio-2.9-5.fc8 cpio-2.9-5.fc9
cpio-2.6-28.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
tar-1.17-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
cpio-2.9-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0141 https://rhn.redhat.com/errata/RHSA-2010-0141.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0144 https://rhn.redhat.com/errata/RHSA-2010-0144.html