This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

SECURITY: tar (CVE-2006-0300)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A malicious tar archive could trigger a Buffer overflow in GNU tar,
potentially resulting in the execution of arbitrary code.

Solution: apply this patch to 1.15.1:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-arch/tar/files/tar-CVE-2006-0300.patch

More information:
http://www.gentoo.org/security/en/glsa/glsa-200603-06.xml
http://bugs.gentoo.org/show_bug.cgi?id=123038
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEEd5VpiWmPGlmQSMRAu5IAKDFtPhW6PLH+ePIJa6C0z5WyfzYKgCeKFIs
fj+yeXuEnJjZlOz6tIaqrCI=
=tweg
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]