tar 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1155650052
업데이트 : 2006.08.15
상세내용
. CVE-2006-0300:
Buffer overflow in tar 1.14 through 1.15.90 allows user-complicit
attackers to cause a denial of service (application crash) and
possibly execute code via unspecified vectors involving PAX extended
headers.
. Bug Fix
- The tar utility did not extract sparse files properly when output was
redirected somewhere other than a plain file, e.g., to /dev/null.
- Most of the man page appeared to be missing.
- When extracting files from a tar file on standard input, an error message
about short reads was written to standard error.
- When listing or extracting a subset of files in a tar archive and
skipping a sparse file stored with the -S option because it did not match
the selection criteria, tar complained about an invalid sparse member in
the archive and attempted to skip to the next header.
- When using the --listed-incremental option to tar, directories that moved
were not properly tracked.
Autoupdates 지원 : 지원
update 패키지
RPMS :
. tar-1.14-10.i686.rpm
SRPMS :
. tar-1.14-10.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
|