A heap-based buffer overflow flaw was found in the way the tar and cpio archive manipulation tools expanded archives with a certain character in the archive name. If a local user was tricked into expanding a specially-crafted archive, it could cause the tar and cpio executables to crash or, potentially, to execute arbitrary code with the privileges of the user running the utility. Link to advisory: [1] http://www.agrs.tu-berlin.de/index.php?id=78327 Acknowledgements: Red Hat would like to thank Jakob Lell for responsibly reporting this issue.
Created attachment 395483: Patch to fix rtapelib overflow. This simple two-liner patch should fix the issue.
Public now via [1], removing embargo.
tar-1.22-16.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/tar-1.22-16.fc13
tar-1.22-12.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/tar-1.22-12.fc12
tar-1.22-5.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/tar-1.22-5.fc11
cpio-2.10-5.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/cpio-2.10-5.fc12
cpio-2.10-6.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/cpio-2.10-6.fc13
cpio-2.9.90-8.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/cpio-2.9.90-8.fc11
tar-1.22-16.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5. Via RHSA-2010:0141: https://rhn.redhat.com/errata/RHSA-2010-0141.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 3. Via RHSA-2010:0142: https://rhn.redhat.com/errata/RHSA-2010-0142.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4. Via RHSA-2010:0143: https://rhn.redhat.com/errata/RHSA-2010-0143.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5. Via RHSA-2010:0144: https://rhn.redhat.com/errata/RHSA-2010-0144.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 3. Via RHSA-2010:0145: https://rhn.redhat.com/errata/RHSA-2010-0145.html
tar-1.22-12.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
cpio-2.10-5.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
cpio-2.10-6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
cpio-2.9.90-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
tar-1.22-5.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.