USN-709-1: tar vulnerability Post: 302277215

Sponsored Content

Special Forums Cybersecurity Security Advisories (RSS) USN-709-1: tar vulnerability Post 302277215 by Linux Bot on Thursday 15th of January 2009 05:10:03 PM

01-15-2009

Registered User

USN-709-1: tar vulnerability

Referenced CVEs:
CVE-2007-4476

Description:
=========================================================== Ubuntu Security Notice USN-709-1 January 15, 2009 tar vulnerability CVE-2007-4476 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tar 1.15.1-2ubuntu2.3 Ubuntu 7.10: tar 1.18-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dmitry V. Levin discovered a buffer overflow in tar. If a user or automatated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LEARN ABOUT REDHAT

what-patch

WHAT-PATCH(1)						      General Commands Manual						     WHAT-PATCH(1)

NAME

       what-patch - detect which patch system a Debian package uses

SYNOPSIS

       what-patch [options]

DESCRIPTION

       what-patch examines the debian/rules file to determine which patch system the Debian package is using.

       what-patch should be run from the root directory of the Debian source package.

OPTIONS

       Listed below are the command line options for what-patch:

       -h, --help
	      Display a help message and exit.

       -v     Enable verbose mode.  This will include the listing of any files modified outside or the debian/ directory and report any additional
	      details about the patch system if available.

AUTHORS

       what-patch was written by Kees Cook <kees@ubuntu.com>, Siegfried-A. Gevatter <rainct@ubuntu.com>, and  Daniel  Hahler  <ubuntu@thequod.de>,
       among others.  This manual page was written by Jonathan Patrick Davies <jpds@ubuntu.com>.

       Both are released under the GNU General Public License, version 3 or later.

SEE ALSO

       The Ubuntu MOTU team has some documentation about patch systems at the Ubuntu wiki: https://wiki.ubuntu.com/PackagingGuide/PatchSystems

       cdbs-edit-patch(1), dbs-edit-patch(1), dpatch-edit-patch(1)

DEBIAN
								 Debian Utilities						     WHAT-PATCH(1)