Summary: | app-arch/tar < 1.18-r2 Directory traversal vulnerability (CVE-2007-4131) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | base-system, bernd, chainsaw, clmason
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | A4 [glsa] | |
Package list: | | Runtime testing required: | ---

Description
Robert Buchholz (RETIRED)
2007-08-21 09:37:26 UTC
Created attachment 128748
tar-1.15.1-alt-contains_dot_dot.diff
base-system please advise and patch as necessary.

1.17-r1 and 1.18-r1 have been added to the tree with this patch. Older versions have now been punted. 1.17 is stable across all arches and 1.18 is in the process of being stabled on bug #184453.

Arches please test and mark stable. Target keywords are: "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

sparc stable for 1.18-r2 (which is probably the one you want?)

ppc stable

x86 done

amd64 stable

Stable for HPPA.

mips stable.

alpha/ia64 stable

ppc64 stable

Stabling seems done on all arches, time for glsa decision. I tend to vote yes.

I vote YES.

I vote yes, the flaw is (apparently) easy to use, and tar is of course ubiquitous. Submitting request.

This is GLSA 200709-09, done by falco. Thanks to everyone, closing