A buffer overflow flaw in GNU Tar could result in execution of arbitrary code or a Denial of Service.
|Package|app-arch/tar on all architectures|
|Affected versions|< 1.23|
|Unaffected versions|>= 1.23|
GNU Tar is a utility to create archives as well as add and extract files from archives.
GNU Tar is vulnerable to a boundary error in the rmt_read__ function in lib/rtapelib.c, which could cause a heap-based buffer overflow.
A remote attacker could entice the user to load a specially crafted archive, possibly resulting in the execution of arbitrary code or a Denial of Service.
There is no known workaround at this time.
All GNU Tar users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/tar-1.23"
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since July 18, 2010. It is likely that your system is already no longer affected by this issue.
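To confirm that the tar binary actually found in PATH is on the unaffected side of the bounds above, the following added example (not part of the original advisory) classifies `tar --version` output against 1.23. The function names, the sample banners and the assumed GNU tar banner format are illustrative assumptions.

```sh
#!/bin/sh
# Added example: classify a tar binary against this advisory's version bounds.
FIXED_VERSION="1.23"   # from the advisory: affected < 1.23, unaffected >= 1.23

# Return 0 if dotted version $1 is lower than $2, comparing each numeric
# component in turn (so 1.9 < 1.23, and 1.22.90 < 1.23).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 1                           # equal versions are not "lower"
}

# Print "affected", "unaffected" or "not-gnu-tar" for `tar --version` output.
# Assumption: GNU tar's first banner line looks like "tar (GNU tar) 1.22".
classify_tar() {
    v=$(printf '%s\n' "$1" |
        sed -n '1s/^tar (GNU tar) \([0-9][0-9.]*\).*$/\1/p')
    if [ -z "$v" ]; then
        echo "not-gnu-tar"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "affected"
    else
        echo "unaffected"
    fi
}

# Constructed sample banners, followed by the tar found in PATH (if any).
for banner in "tar (GNU tar) 1.22" "tar (GNU tar) 1.23" \
              "bsdtar 3.6.2 - libarchive 3.6.2"; do
    printf '%s -> %s\n' "$banner" "$(classify_tar "$banner")"
done
if command -v tar >/dev/null 2>&1; then
    printf 'tar in PATH -> %s\n' "$(classify_tar "$(tar --version 2>/dev/null)")"
fi
```

This checks only the binary that the shell resolves first; a second copy of tar elsewhere on the system, or a statically bundled one, has to be checked separately.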
November 20, 2011
November 20, 2011: 1