tar: buffer overflow [CVE-2006-0300]

Debian Bug report logs - #354091

Package: tar; Maintainer for tar is Bdale Garbee <bdale@gag.com>; Source for tar is src:tar.

Reported by: Martin Pitt <martin.pitt@ubuntu.com>

Date: Thu, 23 Feb 2006 10:48:01 UTC

Severity: critical

Tags: patch, security

Found in version tar/1.15.1-2

Fixed in version tar/1.15.1-3

Done: Bdale Garbee <bdale@gag.com>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>: Bug#354091; Package tar.


Acknowledgement sent to Martin Pitt <martin.pitt@ubuntu.com>: New Bug report received and forwarded. Copy sent to Bdale Garbee <bdale@gag.com>.


Message #5 received at submit@bugs.debian.org:

From: Martin Pitt <martin.pitt@ubuntu.com>
To: Debian BTS Submit <submit@bugs.debian.org>
Subject: tar: buffer overflow [CVE-2006-0300]
Date: Thu, 23 Feb 2006 11:36:05 +0100
Package: tar
Version: 1.15.1-2
Severity: critical
Tags: security patch

Hi!

A while ago an exploitable buffer overflow was published in tar [1].
Unfortunately this got commonly known only recently. You can get the
patch (which was extracted from upstream CVS) from [2].

Woody's version is not affected, but Sarge's is. The patch applies
cleanly to the Sarge version as well.

Please add the CVE number to the changelog when you fix this.

Thanks,

Martin

[1] http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html
[2] http://patches.ubuntu.com/patches/tar.CVE-2006-0300.patch

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

Reply sent to Bdale Garbee <bdale@gag.com>: You have taken responsibility.


Notification sent to Martin Pitt <martin.pitt@ubuntu.com>: Bug acknowledged by developer.


Message #10 received at 354091-close@bugs.debian.org:

From: Bdale Garbee <bdale@gag.com>
To: 354091-close@bugs.debian.org
Subject: Bug#354091: fixed in tar 1.15.1-3
Date: Thu, 23 Feb 2006 11:32:08 -0800
Source: tar
Source-Version: 1.15.1-3

We believe that the bug you reported is fixed in the latest version of
tar, which is due to be installed in the Debian FTP archive:

tar_1.15.1-3.diff.gz
  to pool/main/t/tar/tar_1.15.1-3.diff.gz
tar_1.15.1-3.dsc
  to pool/main/t/tar/tar_1.15.1-3.dsc
tar_1.15.1-3_i386.deb
  to pool/main/t/tar/tar_1.15.1-3_i386.deb
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 354091@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated tar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 23 Feb 2006 13:02:09 -0600
Source: tar
Binary: tar
Architecture: source i386
Version: 1.15.1-3
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 tar        - GNU tar
Closes: 272888 286978 314805 319635 330187 343062 354091
Changes: 
 tar (1.15.1-3) unstable; urgency=high
 .
   * patch for src/xheader.c suggested by Martin Pitt, to fix exploitable
     buffer overflow [CVE-2006-0300], closes: #354091, #314805
   * change default path for rmt in lib/localedir.h to be correct for Debian
     systems, closes: #319635
   * updated Italian translation from Marco d'Itri, closes: #286978
   * patch from Loic Minier fixing wrong matching of file names when special
     characters are present, closes: #272888
   * patch suggested by Stephen Frost to convert fatal error to warning when
     an archive spanning multiple volumes contains a filename longer than
     100 characters, closes: #330187
   * patch from Peter Samuelson to fix hard link handling in the presence
     of the --strip-components option, closes: #343062
   * update debhelper compat level to 5
Files: 
 58cefb921a4b79f4c74b8bcd9516bd6b 552 base required tar_1.15.1-3.dsc
 4f36ad73b51359b311d1cc09eca963ee 47142 base required tar_1.15.1-3.diff.gz
 7b1aa651c91398561029d07051200b11 770876 base required tar_1.15.1-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD/gvfZKfAp/LPAagRAmcwAJ0WyzmDxhXMa2REw9hpW8IItt/t3QCfXsIb
fFdNX3grOJknRw87vgEmZCc=
=68M6
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 02:54:57 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:49:07 2019; Machine Name: buxtehude