lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: gem at rellim.com (Gary E. Miller)
Subject: GLSA: tar

Yo All!

This is a joke, right?  And I am too stupid to let trolls alone?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
	gem@...lim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

On Tue, 1 Oct 2002, Daniel Ahlberg wrote:

> Date: Tue, 1 Oct 2002 14:37:48 +0200
> From: Daniel Ahlberg <aliz@...too.org>
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] GLSA: tar
>
> - --------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT
> - --------------------------------------------------------------------
>
> PACKAGE ? ? ? ?:tar
> SUMMARY ? ? ? ?:directory-traversal vulnerability
> DATE ? ? ? ? ? :2002-10-01 12:30 UTC
>
> - --------------------------------------------------------------------
>
> OVERVIEW
>
> The tar utility contain vulnerabilities which can allow
> arbitrary files to be overwritten during archive extraction.
>
> DETAIL
>
> During testing by Redhat of the fix to GNU tar from the advisory below,
> it was discovered that GNU tar 1.13.25 was still vulnerable to a
> modified version of the same problem.
>
> Read the full original advisory at
> http://marc.theaimsgroup.com/?l=bugtraq&m=99496364810666&w=2
>
> SOLUTION
>
> It is recommended that all Gentoo Linux users who are running
> sys-apps/tar-1.13.25-r2 and earlier update their systems
> as follows:
>
> emerge rsync
> emerge tar
> emerge clean
>
> - --------------------------------------------------------------------
> aliz@...too.org - GnuPG key is available at www.gentoo.org/~aliz
> - --------------------------------------------------------------------
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> ------------ Output from gpg ------------
> gpg: Signature made Tue Oct  1 05:37:47 2002 PDT using DSA key ID 1529A193
> gpg: Good signature from "Daniel Ahlberg <aliz@...too.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> gpg: Fingerprint: 5889 0C41 3685 10A8 4702  0602 7D3E E7CA 1529 A193
>
>


Powered by blists - more mailing lists