[SECURITY] Fedora 7 Update: tar-1.15.1-28.fc7

updates at fedoraproject.org updates at fedoraproject.org
Mon Oct 29 19:02:35 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2673
2007-10-29 19:02:31.281371
--------------------------------------------------------------------------------

Name        : tar
Product     : Fedora 7
Version     : 1.15.1
Release     : 28.fc7
URL         : http://www.gnu.org/software/tar/
Summary     : A GNU file archiving program
Description :
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. Tar
can also be used to add supplemental files to an archive and to update
or list files in the archive. Tar includes multivolume support,
automatic archive compression/decompression, the ability to perform
remote archives, and the ability to perform incremental and full
backups.

If you want to use tar for remote backups, you also need to install
the rmt package.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 24 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-28
- backported upstream patch for CVE-2007-4476
  (tar stack crashing in safer_name_suffix)
* Tue Aug 28 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-27
- fixed CVE-2007-4131 tar directory traversal vulnerability (#253684)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #280961 - CVE-2007-4476 tar stack crashing in safer_name_suffix
        https://bugzilla.redhat.com/show_bug.cgi?id=280961
  [ 2 ] CVE-2007-4476
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476
--------------------------------------------------------------------------------
Updated packages:

c09659eac15f8e77065533c34af22253d2a46e53 tar-1.15.1-28.fc7.ppc64.rpm
458b97f6abd1acd618fa562d466a271b22006e6f tar-debuginfo-1.15.1-28.fc7.ppc64.rpm
f813a5b6c36a75318aaecf771101ad2ebd640fa6 tar-1.15.1-28.fc7.i386.rpm
b84314a9e349bc5c2588b6747b06756d565643a9 tar-debuginfo-1.15.1-28.fc7.i386.rpm
eea2f8078c49a09717df1d4f22ed9f7a1f326be2 tar-debuginfo-1.15.1-28.fc7.x86_64.rpm
44bba686adf4a5a2936773253687cdc897495407 tar-1.15.1-28.fc7.x86_64.rpm
848226382b22036efe7206d1114dc7bde6e1c52a tar-1.15.1-28.fc7.ppc.rpm
f6ede3c1738cf39dec8f8fa6732ab0d4cfbb897a tar-debuginfo-1.15.1-28.fc7.ppc.rpm
d7d03d1a399275ff8283344263d392664ef1754e tar-1.15.1-28.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update tar' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list