RHSA-2013:1418-01 -- Redhat libtarID: oval:org.secpod.oval:def:501116 | Date: (C)2013-10-24 (M)2023-07-28 |
Class: PATCH | Family: unix |
The libtar package contains a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code. Note: This issue only affected 32-bit builds of libtar. Red Hat would like to thank Timo Warns for reporting this issue. All libtar users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Platform: |
Red Hat Enterprise Linux 6 |