Fedora Legacy Test Update Notification: tar (fc3)

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Mar 16 01:33:13 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-183571-2
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183571
2006-03-15
---------------------------------------------------------------------

Name        : tar
Versions    : fc3: tar-1.14-5.FC3.1.legacy
Summary     : A GNU file archiving program.
Description :
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. Tar
can also be used to add supplemental files to an archive and to update
or list files in the archive. Tar includes multivolume support,
automatic archive compression/decompression, the ability to perform
remote archives, and the ability to perform incremental and full
backups.

---------------------------------------------------------------------
Update Information:

An updated tar package that fixes a buffer overflow bug is now
available.

The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

Jim Meyering discovered a buffer overflow bug in the way GNU tar
extracts malformed archives. By tricking a user into extracting a
malicious tar archive, it is possible to execute arbitrary code as the
user running tar. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-0300 to this issue.

Users of tar should upgrade to this updated package, which contains a
backported patch to correct this issue.

---------------------------------------------------------------------
Changelogs

fc3:
* Wed Mar 08 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.14-5.FC3.1.legacy
- fix heap overlfow bug CVE-2006-0300

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
4f6bcb8de3d063812be162a217aeea29f2fc5963
fedora/3/updates-testing/i386/tar-1.14-5.FC3.1.legacy.i386.rpm
42eec5a437fb2d1205684c224d10efde0ff8c65e
fedora/3/updates-testing/x86_64/tar-1.14-5.FC3.1.legacy.x86_64.rpm
244730a9296048ff02b1700ca982bc10cef7fec0
fedora/3/updates-testing/SRPMS/tar-1.14-5.FC3.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060315/312c4f7e/attachment.sig>

More information about the fedora-legacy-list mailing list