Ubuntu Security Notice USN-257-1
23rd February, 2006
tar vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
Details
Jim Meyering discovered that tar did not properly verify the validity
of certain header fields in a GNU tar archive. By tricking an user
into processing a specially crafted tar archive, this could be
exploited to execute arbitrary code with the privileges of the user.
The tar version in Ubuntu 4.10 is not affected by this vulnerability.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- tar
- Ubuntu 5.04:
- tar
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None