[Technik] [SECURITY] [DSA 1223-1] New tar packages fix
arbitrary file overwrite
Noèl Köthe
noel at debian.org
Sat Dec 2 10:35:35 CET 2006
Am Freitag, den 01.12.2006, 17:26 +0100 schrieb Noah Meyerhans:
> Debian Security Advisory DSA-1223-1 security at debian.org
> http://www.debian.org/security/ Noah Meyerhans
> December 01, 2006
>
> Package : tar
> Vulnerability : input validation error
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2006-6097
> BugTraq ID : 21235
> Debian Bug : 399845
tar auf pima, pomo, yuma, cusa, cree, wasco, cupa, kiowa, karuk, kansa,
acoma, h01, h02, h03 und h04 aktualisiert.
> For the stable distribution (sarge), this problem has been fixed in
> version 1.14-2.3
changelog:
tar (1.14-2.3) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix arbitrary file overwrite vulnerability in the handling of
GNUTYPE_NAMES records in tar files. CVE-2006-6097
-- Noah Meyerhans <noahm at debian.org> Thu, 30 Nov 2006 17:16:37 -0500
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20061202/2ae17055/attachment.pgp
More information about the Technik
mailing list