Security Advisory Moderate: perl-Archive-Tar security update

Advisory: RHSA-2010:0505-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-07-01
Last updated on: 2010-07-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-4829

Details

An updated perl-Archive-Tar package that fixes multiple security issues is
now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The Archive::Tar module provides a mechanism for Perl scripts to manipulate
tar archive files.

Multiple directory traversal flaws were discovered in the Archive::Tar
module. A specially-crafted tar file could cause a Perl script, using the
Archive::Tar module to extract the archive, to overwrite an arbitrary file
writable by the user running the script. (CVE-2007-4829)
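
A pre-extraction check for the traversal class described above, as an added example (it is not part of the advisory or of Archive::Tar). The function names and the sample member names are constructed for illustration; with no argument the script audits an in-memory sample archive.

```perl
#!/usr/bin/perl
# Added example: audit tar member names before handing an archive to a
# script that extracts it with Archive::Tar.
use strict;
use warnings;
use Archive::Tar;

# Return a reason string if the member path could resolve outside the
# extraction directory, or undef if the name stays inside it.
sub unsafe_reason {
    my ($path) = @_;
    return 'empty name'    if !defined $path || $path eq '';
    return 'absolute path' if $path =~ m{^/};
    return 'parent directory component'
        if grep { $_ eq '..' } split m{/+}, $path;
    return undef;
}

# Collect [member name, reason] pairs for every suspicious member.
sub audit_tar {
    my ($tar) = @_;
    my @findings;
    for my $entry ($tar->get_files) {
        my $why = unsafe_reason($entry->full_path);
        push @findings, [ $entry->full_path, $why ] if defined $why;
    }
    return @findings;
}

my $tar;
if (@ARGV) {
    # Real use: audit the archive named on the command line.
    $tar = Archive::Tar->new($ARGV[0])
        or die "cannot read $ARGV[0]: " . Archive::Tar->error . "\n";
} else {
    # Constructed sample: one benign member and two whose names would
    # place the file outside the extraction directory.
    $tar = Archive::Tar->new;
    $tar->add_data('docs/readme.txt',   "ok\n");
    $tar->add_data('../outside.txt',    "x\n");
    $tar->add_data('/tmp/absolute.txt', "x\n");
}

my @bad = audit_tar($tar);
printf "%-24s %s\n", @$_ for @bad;
exit(@bad ? 1 : 0);   # non-zero exit lets a wrapper refuse to extract
```

The check only inspects member names and does not replace the package update.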

This package upgrades the Archive::Tar module to version 1.39_01. Refer to
the Archive::Tar module's changes file, linked to in the References, for a
full list of changes.

Users of perl-Archive-Tar are advised to upgrade to this updated package,
which corrects these issues. All applications using the Archive::Tar module
must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm
File outdated by:  RHBA-2010:0594
 
IA-32:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
x86_64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm
File outdated by:  RHBA-2010:0595
 
IA-32:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm
File outdated by:  RHBA-2010:0595
 
IA-64:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm
File outdated by:  RHBA-2010:0595
 
PPC:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm
File outdated by:  RHBA-2010:0595
 
s390x:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm
File outdated by:  RHBA-2010:0595
 
x86_64:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm
File outdated by:  RHBA-2010:0595
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm
File outdated by:  RHBA-2010:0594
 
IA-32:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
IA-64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
PPC:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
s390:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
s390x:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
x86_64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm
File outdated by:  RHBA-2010:0594
 
IA-32:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
IA-64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
PPC:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
s390:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
s390x:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
x86_64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm
File outdated by:  RHBA-2010:0595
 
IA-32:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm
File outdated by:  RHBA-2010:0595
 
x86_64:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm
File outdated by:  RHBA-2010:0595
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm
File outdated by:  RHBA-2010:0594
 
IA-32:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
IA-64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
x86_64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm
File outdated by:  RHBA-2010:0594
 
IA-32:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
IA-64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
x86_64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm
File outdated by:  RHBA-2010:0594
 
IA-32:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
IA-64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
x86_64:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm
File outdated by:  RHBA-2010:0594
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

295021 - CVE-2007-4829 perl-Archive-Tar directory traversal flaws


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/