Darcsweb-Url: 
http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20061205225806-dd049-8cb3e48bdfd763d6d93d345024a6e9a0c441ee9a.gz;

[FSA64-tar
voroskoi <[EMAIL PROTECTED]>**20061205225806] {
hunk ./frugalware/xml/security.xml 29
+       <fsa>
+               <id>64</id>
+               <date>2006-12-05</date>
+               <author>voroskoi</author>
+               <package>tar</package>
+               <vulnerable>1.15.1-4</vulnerable>
+               <unaffected>1.15.1-5siwenna1</unaffected>
+               <bts>http://bugs.frugalware.org/task/1496</bts>
+               
<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097</cve>
+               <desc>Teemu Salmela has reported a security issue in GNU tar, 
which can be exploited by malicious people to overwrite arbitrary files.
+                       The security issue is caused due to the 
"extract_archive()" function in extract.c and the "extract_mangle()" function 
in mangle.c still processing the deprecated "GNUTYPE_NAMES" record type 
containing symbolic links. This can be exploited to overwrite arbitrary files 
by e.g. tricking a user into unpacking a specially crafted tar file.</desc>
+       </fsa>
}
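Review bot: In the `<desc>` of FSA 64, the impact ("overwrite arbitrary files") is stated in both the first and the last sentence, and "caused due to" is redundant; state the impact once and write "is caused by". The entry names `extract_archive()` and `extract_mangle()` as still processing "GNUTYPE_NAMES" records, but it does not say what changed in 1.15.1-5siwenna1. A short clause saying how the fixed package handles that record type would let a reader judge the fix without opening the linked bts task.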
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs
