About Ubuntu

=========================================================== Ubuntu Security Notice USN-257-1 February 23, 2006 tar vulnerability CVE-2006-0300 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: tar The problem can be corrected by upgrading the affected package to version 1.14-2ubuntu0.1 (for Ubuntu 5.04), or 1.15.1-2ubuntu0.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user. The tar version in Ubuntu 4.10 is not affected by this vulnerability.