This bug was fixed in the package tar - 1.18-2ubuntu1.1
--------------- tar (1.18-2ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: stack-based buffer overflow with malicious tar files - lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as hash_string_insert_prefix and adjust safer_name_suffix to use hash_string_insert_prefix to avoid stack allocation - patch from upstream paxlib commits: http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88 http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b - CVE-2007-4476 - LP: #180299
-- Jamie Strandboge <email address hidden> Wed, 14 Jan 2009 11:06:24 -0600
This bug was fixed in the package tar - 1.18-2ubuntu1.1
---------------
tar (1.18-2ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: stack-based buffer overflow with malicious tar files string_ insert_ prefix and adjust safer_name_suffix to use string_ insert_ prefix to avoid stack allocation git.savannah. gnu.org/ gitweb/ ?p=paxutils. git;a=commitdif f;h=b9199bbdefd 32382953dd8c01e c881e5463c5a88 git.savannah. gnu.org/ gitweb/ ?p=paxutils. git;a=commitdif f;h=64379227940 699a92113e3fd7c 583e705a1f849b
- lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as
hash_
hash_
- patch from upstream paxlib commits:
http://
http://
- CVE-2007-4476
- LP: #180299
-- Jamie Strandboge <email address hidden> Wed, 14 Jan 2009 11:06:24 -0600