Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

Scientific Linux SL6.x SLSA-2013:1418-1 Moderate: libtar Buffer Overflow

Scientific Large Esm H446
Moderate: libtar security update
Date: Thu, 10 Oct 2013 17:57:46 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: libtar on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: libtar security update
Advisory ID: SLSA-2013:1418-1
Issue Date: 2013-10-10
CVE Numbers: CVE-2013-4397
--

Two heap-based buffer overflow flaws were found in the way libtar handled
certain archives. If a user were tricked into expanding a specially-
crafted archive, it could cause the libtar executable or an application
using libtar to crash or, potentially, execute arbitrary code.
(CVE-2013-4397)

Note: This issue only affected 32-bit builds of libtar.
--

SL6
 x86_64
 libtar-1.2.11-17.el6_4.1.x86_64.rpm
 libtar-debuginfo-1.2.11-17.el6_4.1.x86_64.rpm
 libtar-1.2.11-17.el6_4.1.i686.rpm
 libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
 libtar-devel-1.2.11-17.el6_4.1.i686.rpm
 libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm
 i386
 libtar-1.2.11-17.el6_4.1.i686.rpm
 libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm
 libtar-devel-1.2.11-17.el6_4.1.i686.rpm

- Scientific Linux Development Team