--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-183571-2 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183571 2006-03-15 --------------------------------------------------------------------- Name : tar Versions : fc3: tar-1.14-5.FC3.1.legacy Summary : A GNU file archiving program. Description : The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/decompression, the ability to perform remote archives, and the ability to perform incremental and full backups. --------------------------------------------------------------------- Update Information: An updated tar package that fixes a buffer overflow bug is now available. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. Jim Meyering discovered a buffer overflow bug in the way GNU tar extracts malformed archives. By tricking a user into extracting a malicious tar archive, it is possible to execute arbitrary code as the user running tar. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-0300 to this issue. Users of tar should upgrade to this updated package, which contains a backported patch to correct this issue. --------------------------------------------------------------------- Changelogs fc3: * Wed Mar 08 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.14-5.FC3.1.legacy - fix heap overlfow bug CVE-2006-0300 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) fc3: 4f6bcb8de3d063812be162a217aeea29f2fc5963 fedora/3/updates-testing/i386/tar-1.14-5.FC3.1.legacy.i386.rpm 42eec5a437fb2d1205684c224d10efde0ff8c65e fedora/3/updates-testing/x86_64/tar-1.14-5.FC3.1.legacy.x86_64.rpm 244730a9296048ff02b1700ca982bc10cef7fec0 fedora/3/updates-testing/SRPMS/tar-1.14-5.FC3.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
