Mandriva Update For Tar MDKSA-2007:173 (tar) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Dmitry V. Levin discovered a path traversal flaw in how GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary fiels that the user running tar has write access to. Updated packages have been patched to prevent these issues.

Affected

tar on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-4131
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:180 (compface)
Mandrake Security Advisory MDVSA-2009:077 (pam)
Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)
Mandrake Security Advisory MDVSA-2009:080 (glib2.0)

Mandriva Update for tar MDKSA-2007:173 (tar)

Take action and discover your vulnerabilities