USN-709-1: tar vulnerability

01-15-2009

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-709-1: tar vulnerability

Referenced CVEs:
CVE-2007-4476

Description:
=========================================================== Ubuntu Security Notice USN-709-1 January 15, 2009 tar vulnerability CVE-2007-4476 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tar 1.15.1-2ubuntu2.3 Ubuntu 7.10: tar 1.18-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dmitry V. Levin discovered a buffer overflow in tar. If a user or automatated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

virt-tar-in(1) Virtualization Support virt-tar-in(1) NAME
virt-tar-in - Unpack a tarball into a virtual machine disk image. SYNOPSIS
virt-tar-in -a disk.img data.tar /destination virt-tar-in -d domain data.tar /destination zcat data.tar.gz | virt-tar-in -d domain - /destination WARNING
Using "virt-tar-in" on live virtual machines can be dangerous, potentially causing disk corruption. The virtual machine must be shut down before you use this command. DESCRIPTION
"virt-tar-in" unpacks an uncompressed tarball into a virtual machine disk image or named libvirt domain. The first parameter is the tar file. Use "-" to read the tar file from standard input. The second parameter is the absolute target directory to unpack into. EXAMPLES
Upload a home directory to a guest: virt-tar-in -d MyGuest homes.tar /home JUST A SHELL SCRIPT WRAPPER AROUND GUESTFISH
This command is just a simple shell script wrapper around the guestfish(1) "tar-in" command. For anything more complex than a trivial copy, you are probably better off using guestfish directly. OPTIONS
Since the shell script just passes options straight to guestfish, read guestfish(1) to see the full list of options. SEE ALSO
guestfish(1), virt-cat(1), virt-copy-in(1), virt-copy-out(1), virt-edit(1), virt-make-fs(1), virt-tar-out(1), <http://libguestfs.org/>. AUTHORS
Richard W.M. Jones ("rjones at redhat dot com") COPYRIGHT
Copyright (C) 2011 Red Hat Inc. <http://libguestfs.org/> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. libguestfs-1.18.1 2013-12-07 virt-tar-in(1)

Security Advisories (RSS)

USN-709-1: tar vulnerability

LEARN ABOUT SUSE

virt-tar-in