[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0210010928500.14043-100000@catbert.rellim.com>
From: gem at rellim.com (Gary E. Miller)
Subject: GLSA: tar
Yo All!
This is a joke, right? And I am too stupid to let trolls alone?
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@...lim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
On Tue, 1 Oct 2002, Daniel Ahlberg wrote:
> Date: Tue, 1 Oct 2002 14:37:48 +0200
> From: Daniel Ahlberg <aliz@...too.org>
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] GLSA: tar
>
> - --------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT
> - --------------------------------------------------------------------
>
> PACKAGE ? ? ? ?:tar
> SUMMARY ? ? ? ?:directory-traversal vulnerability
> DATE ? ? ? ? ? :2002-10-01 12:30 UTC
>
> - --------------------------------------------------------------------
>
> OVERVIEW
>
> The tar utility contain vulnerabilities which can allow
> arbitrary files to be overwritten during archive extraction.
>
> DETAIL
>
> During testing by Redhat of the fix to GNU tar from the advisory below,
> it was discovered that GNU tar 1.13.25 was still vulnerable to a
> modified version of the same problem.
>
> Read the full original advisory at
> http://marc.theaimsgroup.com/?l=bugtraq&m=99496364810666&w=2
>
> SOLUTION
>
> It is recommended that all Gentoo Linux users who are running
> sys-apps/tar-1.13.25-r2 and earlier update their systems
> as follows:
>
> emerge rsync
> emerge tar
> emerge clean
>
> - --------------------------------------------------------------------
> aliz@...too.org - GnuPG key is available at www.gentoo.org/~aliz
> - --------------------------------------------------------------------
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> ------------ Output from gpg ------------
> gpg: Signature made Tue Oct 1 05:37:47 2002 PDT using DSA key ID 1529A193
> gpg: Good signature from "Daniel Ahlberg <aliz@...too.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> gpg: Fingerprint: 5889 0C41 3685 10A8 4702 0602 7D3E E7CA 1529 A193
>
>
Powered by blists - more mailing lists