[Bug 180299] Re: [tar] [CVE-2007-4476] Buffer overflow

Launchpad Bug Tracker Thu, 15 Jan 2009 11:55:28 -0800

This bug was fixed in the package tar - 1.18-2ubuntu1.1

---------------
tar (1.18-2ubuntu1.1) gutsy-security; urgency=low


  * SECURITY UPDATE: stack-based buffer overflow with malicious tar files
    - lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as
      hash_string_insert_prefix and adjust safer_name_suffix to use
      hash_string_insert_prefix to avoid stack allocation
    - patch from upstream paxlib commits:
      
http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
      
http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
    - CVE-2007-4476
    - LP: #180299

 -- Jamie Strandboge <ja...@ubuntu.com>   Wed, 14 Jan 2009 11:06:24
-0600

** Changed in: tar (Ubuntu Gutsy)
       Status: In Progress => Fix Released

-- 
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 180299] Re: [tar] [CVE-2007-4476] Buffer overflow

Reply via email to