Advisories | Mandriva

Package name	tar
Date	October 15th, 2007
Advisory ID	MDKSA-2007:197
Affected versions	2007.0, CS4.0, 2007.1, 2008.0
Synopsis	Updated tar packages prevent buffer overflow

Problem Description

A buffer overflow in GNU tar has unspecified attack vectors and impact,
resulting in a crashing stack.

Updated packages fix this issue.

Updated Packages

Mandriva Linux 2007

 ad9831bdc61bfd45b4236baf91ba303b  2007.0/i586/tar-1.15.91-1.3mdv2007.0.i586.rpm 
 799e95edad373e229f27ac662a2803c7  2007.0/SRPMS/tar-1.15.91-1.3mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 a7ca270e229a7a66e3945aa27ebe5574  2007.0/x86_64/tar-1.15.91-1.3mdv2007.0.x86_64.rpm 
 799e95edad373e229f27ac662a2803c7  2007.0/SRPMS/tar-1.15.91-1.3mdv2007.0.src.rpm

Corporate Server 4.0

 ae6c4f628deac215fc00421176245fca  corporate/4.0/i586/tar-1.15.1-5.4.20060mlcs4.i586.rpm 
 00e37ea23dc4f0218ccfed4edbe47bf2  corporate/4.0/SRPMS/tar-1.15.1-5.4.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 ea73607c5f7b4d32cb7c158ffb9fb366  corporate/4.0/x86_64/tar-1.15.1-5.4.20060mlcs4.x86_64.rpm 
 00e37ea23dc4f0218ccfed4edbe47bf2  corporate/4.0/SRPMS/tar-1.15.1-5.4.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 ad38128760a1d444cb7f92b88d0fa7e3  2007.1/i586/tar-1.16-3.2mdv2007.1.i586.rpm 
 d8be92eefacc8b999f3021942c1e9776  2007.1/SRPMS/tar-1.16-3.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 90dff66308016f17f03558d4ba550387  2007.1/x86_64/tar-1.16-3.2mdv2007.1.x86_64.rpm 
 d8be92eefacc8b999f3021942c1e9776  2007.1/SRPMS/tar-1.16-3.2mdv2007.1.src.rpm

Mandriva Linux 2008.0

 e81d250db24d4f5dd935986dece9f7f0  2008.0/i586/tar-1.18-1.1mdv2008.0.i586.rpm 
 4dd90e75bf8d363ed44e1bd7346d42cf  2008.0/SRPMS/tar-1.18-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64

 16e3f71fc1b9b2fef42378e025d93ea8  2008.0/x86_64/tar-1.18-1.1mdv2008.0.x86_64.rpm 
 4dd90e75bf8d363ed44e1bd7346d42cf  2008.0/SRPMS/tar-1.18-1.1mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.