Bug 2942 - [UPDATE REQUEST] [UPSTREAM UPDATE] libtar
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
Version: unspecified
Hardware: All Linux
Importance: Normal normal
Assigned To: Andrew Lukoshko
QA Contact: ROSA Server Bugs
Reported: 2013-10-18 15:14 MSD by Andrew Lukoshko
Modified: 2013-11-13 17:35 MSK

alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+


Description Andrew Lukoshko 2013-10-18 15:14:40 MSD
Two heap-based buffer overflow flaws were found in the way libtar handled
certain archives. If a user were tricked into expanding a specially-crafted
archive, it could cause the libtar executable or an application using
libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397)

http://rhn.redhat.com/errata/RHSA-2013-1418.html

https://abf.rosalinux.ru/build_lists/1344042
https://abf.rosalinux.ru/build_lists/1344043
Comment 1 Alexander Petryakov 2013-10-23 03:22:46 MSD
libtar-1.2.11-17.res6.1

*********************** RHEL Advisory *************************
Two heap-based buffer overflow flaws were found in the way libtar handled
certain archives. If a user were tricked into expanding a specially-crafted
archive, it could cause the libtar executable or an application using
libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397)

http://rhn.redhat.com/errata/RHSA-2013-1418.html
***************************************************************
QA Verified