USN-709-1: tar vulnerability

01-15-2009

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-709-1: tar vulnerability

Referenced CVEs:
CVE-2007-4476

Description:
=========================================================== Ubuntu Security Notice USN-709-1 January 15, 2009 tar vulnerability CVE-2007-4476 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tar 1.15.1-2ubuntu2.3 Ubuntu 7.10: tar 1.18-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dmitry V. Levin discovered a buffer overflow in tar. If a user or automatated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

GIT-TAR-TREE(1) Git Manual GIT-TAR-TREE(1) NAME
git-tar-tree - Create a tar archive of the files in the named tree object SYNOPSIS
git tar-tree [--remote=<repo>] <tree-ish> [ <base> ] DESCRIPTION
THIS COMMAND IS DEPRECATED. Use git archive with --format=tar option instead (and move the <base> argument to --prefix=base/). Creates a tar archive containing the tree structure for the named tree. When <base> is specified it is added as a leading path to the files in the generated tar archive. git tar-tree behaves differently when given a tree ID versus when given a commit ID or tag ID. In the first case the current time is used as modification time of each file in the archive. In the latter case the commit time as recorded in the referenced commit object is used instead. Additionally the commit ID is stored in a global extended pax header. It can be extracted using git get-tar-commit-id. OPTIONS
<tree-ish> The tree or commit to produce tar archive for. If it is the object name of a commit object. <base> Leading path to the files in the resulting tar archive. --remote=<repo> Instead of making a tar archive from local repository, retrieve a tar archive from a remote repository. CONFIGURATION
tar.umask This variable can be used to restrict the permission bits of tar archive entries. The default is 0002, which turns off the world write bit. The special value "user" indicates that the archiving user's umask will be used instead. See umask(2) for details. EXAMPLES
git tar-tree HEAD junk | (cd /var/tmp/ && tar xf -) Create a tar archive that contains the contents of the latest commit on the current branch, and extracts it in /var/tmp/junk directory. git tar-tree v1.4.0 git-1.4.0 | gzip >git-1.4.0.tar.gz Create a tarball for v1.4.0 release. git tar-tree v1.4.0^{tree} git-1.4.0 | gzip >git-1.4.0.tar.gz Create a tarball for v1.4.0 release, but without a global extended pax header. git tar-tree --remote=example.com:git.git v1.4.0 >git-1.4.0.tar Get a tarball v1.4.0 from example.com. git tar-tree HEAD:Documentation/ git-docs > git-1.4.0-docs.tar Put everything in the current head's Documentation/ directory into git-1.4.0-docs.tar, with the prefix git-docs/. GIT
Part of the git(1) suite Git 1.8.3.1 06/10/2014 GIT-TAR-TREE(1)

Security Advisories (RSS)

USN-709-1: tar vulnerability

LEARN ABOUT CENTOS

git-tar-tree