Security Advisory Moderate: tar security update

Advisory: RHSA-2006:0749-2
Type: Security Advisory
Severity: Moderate
Issued on: 2006-12-19
Last updated on: 2006-12-19
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-6097

Details

Updated tar packages that fix a path traversal flaw are now available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access.
(CVE-2006-6097)
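
A pre-extraction audit for the class of flaw described above, as an added example (not code from this advisory or from the backported patch). It goes beyond the single case in the advisory and flags absolute member names, `..` escapes, and link members that would redirect later writes; the function names, the `/srv/unpack` destination and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

def _inside(path, dest):
    return path == dest or path.startswith(dest.rstrip("/") + "/")

def audit_members(archive, dest="/srv/unpack"):
    """Return (name, reason) for each member that would land outside dest."""
    findings, links = [], {}   # links: extracted link path -> resolved target
    for m in archive.getmembers():
        if m.name.startswith("/"):
            findings.append((m.name, "absolute path"))
            continue
        resolved = posixpath.normpath(posixpath.join(dest, m.name))
        if not _inside(resolved, dest):
            findings.append((m.name, "escapes destination via '..'"))
            continue
        # A member stored beneath an earlier link member follows that link.
        parent = posixpath.dirname(resolved)
        via = next((p for p in links if _inside(parent, p)), None)
        if via and not _inside(links[via], dest):
            findings.append((m.name, "written through link to " + links[via]))
            continue
        if m.issym() or m.islnk():
            # Symlink targets are relative to the link; hard links to the root.
            base = posixpath.dirname(resolved) if m.issym() else dest
            target = posixpath.normpath(posixpath.join(base, m.linkname))
            links[resolved] = target
            if not _inside(target, dest):
                findings.append((m.name, "link target outside destination"))
    return findings

def build_sample():
    """Constructed in-memory archive mixing benign and escaping members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("docs/readme.txt", "../../etc/cron.d/job", "/etc/motd"):
            tf.addfile(tarfile.TarInfo(name), io.BytesIO(b""))
        link = tarfile.TarInfo("docs/out")
        link.type, link.linkname = tarfile.SYMTYPE, "/tmp"
        tf.addfile(link)
        tf.addfile(tarfile.TarInfo("docs/out/dropped"), io.BytesIO(b""))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

if __name__ == "__main__":
    for name, reason in audit_members(build_sample()):
        print(f"{name}: {reason}")
```

The check is purely lexical and reads only archive metadata, so it can be run on an untrusted archive before any member is written to disk.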

Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
tar-1.13.25-15.RHEL3.src.rpm
File outdated by:  RHSA-2010:0142
    MD5: 48b87b75152449ec8fac039fce6c481f
 
IA-32:
tar-1.13.25-15.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0142
    MD5: 2f78f39c91f8674ecf30ab82cc6577ad
 
x86_64:
tar-1.13.25-15.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0142
    MD5: 7df94215917d5d5cb8870801fcf43bd2
 
Red Hat Desktop (v. 4)

SRPMS:
tar-1.14-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0141
    MD5: 915d5fef3750a417683d3ad52aaf0158
 
IA-32:
tar-1.14-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0141
    MD5: 94e0f0511e8357b7f4538edfa35e88e6
 
x86_64:
tar-1.14-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0141
    MD5: 817bae24d9975f961434839605c668e2
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
tar-1.13.25-6.AS21.1.src.rpm     MD5: 9cb62366b2c0328cd799f4f1d01b4f85
 
IA-32:
tar-1.13.25-6.AS21.1.i386.rpm     MD5: 82e737e4a7932200e3760d8bb8db96d7
 
IA-64:
tar-1.13.25-6.AS21.1.ia64.rpm     MD5: dbbd437b5ee88e65bf4c7731b48ea8e5
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
tar-1.13.25-15.RHEL3.src.rpm
File outdated by:  RHSA-2010:0142
    MD5: 48b87b75152449ec8fac039fce6c481f
 
IA-32:
tar-1.13.25-15.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0142
    MD5: 2f78f39c91f8674ecf30ab82cc6577ad
 
IA-64:
tar-1.13.25-15.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0142
    MD5: e6c05756ca0754ca7470434e284a5509
 
PPC:
tar-1.13.25-15.RHEL3.ppc.rpm
File outdated by:  RHSA-2010:0142
    MD5: ec3903c1c8424a68d66c033aee38ef3d
 
s390:
tar-1.13.25-15.RHEL3.s390.rpm
File outdated by:  RHSA-2010:0142
    MD5: d748e97d9288a1529eccff07be2ea647
 
s390x:
tar-1.13.25-15.RHEL3.s390x.rpm
File outdated by:  RHSA-2010:0142
    MD5: 4137e79c7202881ae6c26b7220060c7b
 
x86_64:
tar-1.13.25-15.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0142
    MD5: 7df94215917d5d5cb8870801fcf43bd2
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
tar-1.14-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0141
    MD5: 915d5fef3750a417683d3ad52aaf0158
 
IA-32:
tar-1.14-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0141
    MD5: 94e0f0511e8357b7f4538edfa35e88e6
 
IA-64:
tar-1.14-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0141
    MD5: 4fdf307c4fbbb324a45f459056a9f5dc
 
PPC:
tar-1.14-12.RHEL4.ppc.rpm
File outdated by:  RHSA-2010:0141
    MD5: 7daef3e5491853a369775887103f8858
 
s390:
tar-1.14-12.RHEL4.s390.rpm
File outdated by:  RHSA-2010:0141
    MD5: 0fda5b626b7fc9eb0324dc22a4075d75
 
s390x:
tar-1.14-12.RHEL4.s390x.rpm
File outdated by:  RHSA-2010:0141
    MD5: 91682d1f8c79e64a1aa5b7f3dfb514d4
 
x86_64:
tar-1.14-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0141
    MD5: 817bae24d9975f961434839605c668e2
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
tar-1.13.25-6.AS21.1.src.rpm     MD5: 9cb62366b2c0328cd799f4f1d01b4f85
 
IA-32:
tar-1.13.25-6.AS21.1.i386.rpm     MD5: 82e737e4a7932200e3760d8bb8db96d7
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
tar-1.13.25-15.RHEL3.src.rpm
File outdated by:  RHSA-2010:0142
    MD5: 48b87b75152449ec8fac039fce6c481f
 
IA-32:
tar-1.13.25-15.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0142
    MD5: 2f78f39c91f8674ecf30ab82cc6577ad
 
IA-64:
tar-1.13.25-15.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0142
    MD5: e6c05756ca0754ca7470434e284a5509
 
x86_64:
tar-1.13.25-15.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0142
    MD5: 7df94215917d5d5cb8870801fcf43bd2
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
tar-1.14-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0141
    MD5: 915d5fef3750a417683d3ad52aaf0158
 
IA-32:
tar-1.14-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0141
    MD5: 94e0f0511e8357b7f4538edfa35e88e6
 
IA-64:
tar-1.14-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0141
    MD5: 4fdf307c4fbbb324a45f459056a9f5dc
 
x86_64:
tar-1.14-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0141
    MD5: 817bae24d9975f961434839605c668e2
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
tar-1.13.25-6.AS21.1.src.rpm     MD5: 9cb62366b2c0328cd799f4f1d01b4f85
 
IA-32:
tar-1.13.25-6.AS21.1.i386.rpm     MD5: 82e737e4a7932200e3760d8bb8db96d7
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
tar-1.13.25-15.RHEL3.src.rpm
File outdated by:  RHSA-2010:0142
    MD5: 48b87b75152449ec8fac039fce6c481f
 
IA-32:
tar-1.13.25-15.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0142
    MD5: 2f78f39c91f8674ecf30ab82cc6577ad
 
IA-64:
tar-1.13.25-15.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0142
    MD5: e6c05756ca0754ca7470434e284a5509
 
x86_64:
tar-1.13.25-15.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0142
    MD5: 7df94215917d5d5cb8870801fcf43bd2
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
tar-1.14-12.RHEL4.src.rpm
File outdated by:  RHSA-2010:0141
    MD5: 915d5fef3750a417683d3ad52aaf0158
 
IA-32:
tar-1.14-12.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0141
    MD5: 94e0f0511e8357b7f4538edfa35e88e6
 
IA-64:
tar-1.14-12.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0141
    MD5: 4fdf307c4fbbb324a45f459056a9f5dc
 
x86_64:
tar-1.14-12.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0141
    MD5: 817bae24d9975f961434839605c668e2
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
tar-1.13.25-6.AS21.1.src.rpm     MD5: 9cb62366b2c0328cd799f4f1d01b4f85
 
IA-64:
tar-1.13.25-6.AS21.1.ia64.rpm     MD5: dbbd437b5ee88e65bf4c7731b48ea8e5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

216937 - CVE-2006-6097 GNU tar directory traversal


Keywords

GNUTYPE_NAMES, path, traversal


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/