Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200603-06] GNU tar: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
GNU tar: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200603-06
(GNU tar: Buffer overflow)
Jim Meyering discovered a flaw in the handling of certain header
fields that could result in a buffer overflow when extracting or
listing the contents of an archive.
A remote attacker could construct a malicious tar archive that,
when extracted or listed, could potentially result in the execution
of arbitrary code with the rights of the user running GNU tar.
There is no known workaround at this time.
All GNU tar users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/tar-1.15.1-r1"
Threat Level: Medium