Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1155650052
업데이트 : 2006.08.15


상세내용

. CVE-2006-0300:

Buffer overflow in tar 1.14 through 1.15.90 allows user-complicit
attackers to cause a denial of service (application crash) and
possibly execute code via unspecified vectors involving PAX extended
headers.

. Bug Fix
- The tar utility did not extract sparse files properly when output was
  redirected somewhere other than a plain file, e.g., to /dev/null.
- Most of the man page appeared to be missing.
- When extracting files from a tar file on standard input, an error message
  about short reads was written to standard error.
- When listing or extracting a subset of files in a tar archive and
  skipping a sparse file stored with the -S option because it did not match
  the selection criteria, tar complained about an invalid sparse member in
  the archive and attempted to skip to the next header.
- When using the --listed-incremental option to tar, directories that moved
  were not properly tracked. 

Autoupdates 지원 : 지원


update 패키지

  RPMS :

    . tar-1.14-10.i686.rpm


  SRPMS :

    . tar-1.14-10.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300