Security Advisory Moderate: libtar security update

Advisory: RHSA-2013:1418-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-10-10
Last updated on: 2013-10-10
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-4397

Details

An updated libtar package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The libtar package contains a C library for manipulating tar archives. The
library supports both the strict POSIX tar format and many of the commonly
used GNU extensions.

Two heap-based buffer overflow flaws were found in the way libtar handled
certain archives. If a user were tricked into expanding a specially-crafted
archive, it could cause the libtar executable or an application using
libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397)

Note: This issue only affected 32-bit builds of libtar.

Red Hat would like to thank Timo Warns for reporting this issue.

All libtar users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
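
A triage sketch for this update, as an added example that is not part of the Red Hat advisory: it classifies `rpm` inventory lines against the fixed build named in the package list. The function names, the output labels, the sample inventory, the use of GNU `sort -V` as a stand-in for RPM's own version comparison, and the treatment of i686, ppc and s390 as the 32-bit builds are assumptions.

```sh
#!/bin/sh
# Added example (not from the advisory): classify libtar inventory lines
# against RHSA-2013:1418. Expected input, one package per line:
#   rpm -q libtar --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'

FIXED="1.2.11-17.el6_4.1"   # fixed version-release from the package list

# older_than A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` approximates RPM's comparison well enough
# for version-release strings on this el6 line.
older_than() {
  [ "$1" != "$2" ] || return 1
  first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
  [ "$first" = "$1" ]
}

# classify NAME VERSION-RELEASE ARCH: print one label.
classify() {
  if [ "$1" != "libtar" ]; then echo "ignored"; return 0; fi
  if ! older_than "$2" "$FIXED"; then echo "patched"; return 0; fi
  case "$3" in
    # Assumption: these arch tags are the 32-bit builds the note refers to.
    i686|ppc|s390) echo "vulnerable" ;;
    # Older than the fixed build, but not a 32-bit build.
    *) echo "outdated" ;;
  esac
}

# scan: read inventory lines on stdin and print each with its label.
scan() {
  while read -r name evr arch; do
    if [ -n "$name" ]; then
      printf '%s %s %s => %s\n' "$name" "$evr" "$arch" \
        "$(classify "$name" "$evr" "$arch")"
    fi
  done
}

# Constructed sample inventory: a multilib x86_64 host before the update,
# and a 32-bit host after it.
scan <<'EOF'
libtar 1.2.11-17.el6 x86_64
libtar 1.2.11-17.el6 i686
libtar 1.2.11-17.el6_4.1 i686
EOF
```

The x86_64 package lists in this advisory include i686 builds, so a 64-bit host can still carry an affected 32-bit libtar; query every installed instance rather than only the native architecture.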

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
libtar-1.2.11-17.el6_4.1.src.rpm

IA-32:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm

x86_64:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-1.2.11-17.el6_4.1.x86_64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.x86_64.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
libtar-1.2.11-17.el6_4.1.src.rpm

x86_64:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-1.2.11-17.el6_4.1.x86_64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.x86_64.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
libtar-1.2.11-17.el6_4.1.src.rpm

IA-32:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm

PPC:
libtar-1.2.11-17.el6_4.1.ppc.rpm
libtar-1.2.11-17.el6_4.1.ppc64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.ppc.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.ppc64.rpm
libtar-devel-1.2.11-17.el6_4.1.ppc.rpm
libtar-devel-1.2.11-17.el6_4.1.ppc64.rpm

s390x:
libtar-1.2.11-17.el6_4.1.s390.rpm
libtar-1.2.11-17.el6_4.1.s390x.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.s390.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.s390x.rpm
libtar-devel-1.2.11-17.el6_4.1.s390.rpm
libtar-devel-1.2.11-17.el6_4.1.s390x.rpm

x86_64:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-1.2.11-17.el6_4.1.x86_64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.x86_64.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm
 
Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
libtar-1.2.11-17.el6_4.1.src.rpm

x86_64:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-1.2.11-17.el6_4.1.x86_64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.x86_64.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
libtar-1.2.11-17.el6_4.1.src.rpm

IA-32:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm

PPC:
libtar-1.2.11-17.el6_4.1.ppc.rpm
libtar-1.2.11-17.el6_4.1.ppc64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.ppc.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.ppc64.rpm
libtar-devel-1.2.11-17.el6_4.1.ppc.rpm
libtar-devel-1.2.11-17.el6_4.1.ppc64.rpm

s390x:
libtar-1.2.11-17.el6_4.1.s390.rpm
libtar-1.2.11-17.el6_4.1.s390x.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.s390.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.s390x.rpm
libtar-devel-1.2.11-17.el6_4.1.s390.rpm
libtar-devel-1.2.11-17.el6_4.1.s390x.rpm

x86_64:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-1.2.11-17.el6_4.1.x86_64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.x86_64.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
libtar-1.2.11-17.el6_4.1.src.rpm

IA-32:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm

x86_64:
libtar-1.2.11-17.el6_4.1.i686.rpm
libtar-1.2.11-17.el6_4.1.x86_64.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
libtar-debuginfo-1.2.11-17.el6_4.1.x86_64.rpm
libtar-devel-1.2.11-17.el6_4.1.i686.rpm
libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1014492 - CVE-2013-4397 libtar: Heap-based buffer overflows by expanding a specially-crafted archive


References


Keywords

libtar


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/