LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Moderate: tar security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated tar packages that fix a path traversal flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: tar security update
Advisory ID:       RHSA-2006:0749-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0749.html
Issue date:        2006-12-19
Updated on:        2006-12-19
Product:           Red Hat Enterprise Linux
Keywords:          path traversal GNUTYPE_NAMES
CVE Names:         CVE-2006-6097 
- ---------------------------------------------------------------------

1. Summary:

Updated tar packages that fix a path traversal flaw are now available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. 

Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access.
(CVE-2006-6097)

Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

216937 - CVE-2006-6097 GNU tar directory traversal

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tar-1.13.25-6.AS21.1.src.rpm
9cb62366b2c0328cd799f4f1d01b4f85  tar-1.13.25-6.AS21.1.src.rpm

i386:
82e737e4a7932200e3760d8bb8db96d7  tar-1.13.25-6.AS21.1.i386.rpm

ia64:
dbbd437b5ee88e65bf4c7731b48ea8e5  tar-1.13.25-6.AS21.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tar-1.13.25-6.AS21.1.src.rpm
9cb62366b2c0328cd799f4f1d01b4f85  tar-1.13.25-6.AS21.1.src.rpm

ia64:
dbbd437b5ee88e65bf4c7731b48ea8e5  tar-1.13.25-6.AS21.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tar-1.13.25-6.AS21.1.src.rpm
9cb62366b2c0328cd799f4f1d01b4f85  tar-1.13.25-6.AS21.1.src.rpm

i386:
82e737e4a7932200e3760d8bb8db96d7  tar-1.13.25-6.AS21.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tar-1.13.25-6.AS21.1.src.rpm
9cb62366b2c0328cd799f4f1d01b4f85  tar-1.13.25-6.AS21.1.src.rpm

i386:
82e737e4a7932200e3760d8bb8db96d7  tar-1.13.25-6.AS21.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tar-1.13.25-15.RHEL3.src.rpm
48b87b75152449ec8fac039fce6c481f  tar-1.13.25-15.RHEL3.src.rpm

i386:
2f78f39c91f8674ecf30ab82cc6577ad  tar-1.13.25-15.RHEL3.i386.rpm
c407f5bdc6767bb319ca2b6ba7079790  tar-debuginfo-1.13.25-15.RHEL3.i386.rpm

ia64:
e6c05756ca0754ca7470434e284a5509  tar-1.13.25-15.RHEL3.ia64.rpm
696316c2fd2aeccde4bbae0d1ebf65c7  tar-debuginfo-1.13.25-15.RHEL3.ia64.rpm

ppc:
ec3903c1c8424a68d66c033aee38ef3d  tar-1.13.25-15.RHEL3.ppc.rpm
c57a3a691487c4fc77d45c6e856443ad  tar-debuginfo-1.13.25-15.RHEL3.ppc.rpm

s390:
d748e97d9288a1529eccff07be2ea647  tar-1.13.25-15.RHEL3.s390.rpm
e9ff9bade43a8642100ac5163e3879da  tar-debuginfo-1.13.25-15.RHEL3.s390.rpm

s390x:
4137e79c7202881ae6c26b7220060c7b  tar-1.13.25-15.RHEL3.s390x.rpm
db7118e59b15e43c9fefc4857e06a467  tar-debuginfo-1.13.25-15.RHEL3.s390x.rpm

x86_64:
7df94215917d5d5cb8870801fcf43bd2  tar-1.13.25-15.RHEL3.x86_64.rpm
65b80aa52e2532a74f88050830729ca3  tar-debuginfo-1.13.25-15.RHEL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tar-1.13.25-15.RHEL3.src.rpm
48b87b75152449ec8fac039fce6c481f  tar-1.13.25-15.RHEL3.src.rpm

i386:
2f78f39c91f8674ecf30ab82cc6577ad  tar-1.13.25-15.RHEL3.i386.rpm
c407f5bdc6767bb319ca2b6ba7079790  tar-debuginfo-1.13.25-15.RHEL3.i386.rpm

x86_64:
7df94215917d5d5cb8870801fcf43bd2  tar-1.13.25-15.RHEL3.x86_64.rpm
65b80aa52e2532a74f88050830729ca3  tar-debuginfo-1.13.25-15.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tar-1.13.25-15.RHEL3.src.rpm
48b87b75152449ec8fac039fce6c481f  tar-1.13.25-15.RHEL3.src.rpm

i386:
2f78f39c91f8674ecf30ab82cc6577ad  tar-1.13.25-15.RHEL3.i386.rpm
c407f5bdc6767bb319ca2b6ba7079790  tar-debuginfo-1.13.25-15.RHEL3.i386.rpm

ia64:
e6c05756ca0754ca7470434e284a5509  tar-1.13.25-15.RHEL3.ia64.rpm
696316c2fd2aeccde4bbae0d1ebf65c7  tar-debuginfo-1.13.25-15.RHEL3.ia64.rpm

x86_64:
7df94215917d5d5cb8870801fcf43bd2  tar-1.13.25-15.RHEL3.x86_64.rpm
65b80aa52e2532a74f88050830729ca3  tar-debuginfo-1.13.25-15.RHEL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tar-1.13.25-15.RHEL3.src.rpm
48b87b75152449ec8fac039fce6c481f  tar-1.13.25-15.RHEL3.src.rpm

i386:
2f78f39c91f8674ecf30ab82cc6577ad  tar-1.13.25-15.RHEL3.i386.rpm
c407f5bdc6767bb319ca2b6ba7079790  tar-debuginfo-1.13.25-15.RHEL3.i386.rpm

ia64:
e6c05756ca0754ca7470434e284a5509  tar-1.13.25-15.RHEL3.ia64.rpm
696316c2fd2aeccde4bbae0d1ebf65c7  tar-debuginfo-1.13.25-15.RHEL3.ia64.rpm

x86_64:
7df94215917d5d5cb8870801fcf43bd2  tar-1.13.25-15.RHEL3.x86_64.rpm
65b80aa52e2532a74f88050830729ca3  tar-debuginfo-1.13.25-15.RHEL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tar-1.14-12.RHEL4.src.rpm
915d5fef3750a417683d3ad52aaf0158  tar-1.14-12.RHEL4.src.rpm

i386:
94e0f0511e8357b7f4538edfa35e88e6  tar-1.14-12.RHEL4.i386.rpm
f63b90bf3eb3d1c24e254c55f6ce0e86  tar-debuginfo-1.14-12.RHEL4.i386.rpm

ia64:
4fdf307c4fbbb324a45f459056a9f5dc  tar-1.14-12.RHEL4.ia64.rpm
eda06f72c4b6a7cfe9faa02a6b8fa8d5  tar-debuginfo-1.14-12.RHEL4.ia64.rpm

ppc:
7daef3e5491853a369775887103f8858  tar-1.14-12.RHEL4.ppc.rpm
beb775fbc5ae5af860555a764b4f96e1  tar-debuginfo-1.14-12.RHEL4.ppc.rpm

s390:
0fda5b626b7fc9eb0324dc22a4075d75  tar-1.14-12.RHEL4.s390.rpm
9420349015d1c73923a30ac7082fb123  tar-debuginfo-1.14-12.RHEL4.s390.rpm

s390x:
91682d1f8c79e64a1aa5b7f3dfb514d4  tar-1.14-12.RHEL4.s390x.rpm
22c5cd9c1d7bf1d8603cbd18f4e462a1  tar-debuginfo-1.14-12.RHEL4.s390x.rpm

x86_64:
817bae24d9975f961434839605c668e2  tar-1.14-12.RHEL4.x86_64.rpm
de775868851463fbd286b2d2bfd16b87  tar-debuginfo-1.14-12.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tar-1.14-12.RHEL4.src.rpm
915d5fef3750a417683d3ad52aaf0158  tar-1.14-12.RHEL4.src.rpm

i386:
94e0f0511e8357b7f4538edfa35e88e6  tar-1.14-12.RHEL4.i386.rpm
f63b90bf3eb3d1c24e254c55f6ce0e86  tar-debuginfo-1.14-12.RHEL4.i386.rpm

x86_64:
817bae24d9975f961434839605c668e2  tar-1.14-12.RHEL4.x86_64.rpm
de775868851463fbd286b2d2bfd16b87  tar-debuginfo-1.14-12.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tar-1.14-12.RHEL4.src.rpm
915d5fef3750a417683d3ad52aaf0158  tar-1.14-12.RHEL4.src.rpm

i386:
94e0f0511e8357b7f4538edfa35e88e6  tar-1.14-12.RHEL4.i386.rpm
f63b90bf3eb3d1c24e254c55f6ce0e86  tar-debuginfo-1.14-12.RHEL4.i386.rpm

ia64:
4fdf307c4fbbb324a45f459056a9f5dc  tar-1.14-12.RHEL4.ia64.rpm
eda06f72c4b6a7cfe9faa02a6b8fa8d5  tar-debuginfo-1.14-12.RHEL4.ia64.rpm

x86_64:
817bae24d9975f961434839605c668e2  tar-1.14-12.RHEL4.x86_64.rpm
de775868851463fbd286b2d2bfd16b87  tar-debuginfo-1.14-12.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tar-1.14-12.RHEL4.src.rpm
915d5fef3750a417683d3ad52aaf0158  tar-1.14-12.RHEL4.src.rpm

i386:
94e0f0511e8357b7f4538edfa35e88e6  tar-1.14-12.RHEL4.i386.rpm
f63b90bf3eb3d1c24e254c55f6ce0e86  tar-debuginfo-1.14-12.RHEL4.i386.rpm

ia64:
4fdf307c4fbbb324a45f459056a9f5dc  tar-1.14-12.RHEL4.ia64.rpm
eda06f72c4b6a7cfe9faa02a6b8fa8d5  tar-debuginfo-1.14-12.RHEL4.ia64.rpm

x86_64:
817bae24d9975f961434839605c668e2  tar-1.14-12.RHEL4.x86_64.rpm
de775868851463fbd286b2d2bfd16b87  tar-debuginfo-1.14-12.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.