---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Ubuntu update for tar SECUNIA ADVISORY ID: SA33567 VERIFY ADVISORY: http://secunia.com/advisories/33567/ CRITICAL: Not critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 6.06 http://secunia.com/advisories/product/10611/ Ubuntu Linux 7.10 http://secunia.com/advisories/product/16251/ DESCRIPTION: Ubuntu has issued an update for tar. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing specially crafted tar archives and can be exploited to cause a stack-based buffer overflow and crash the vulnerable application. SOLUTION: Apply updated packages. -- Ubuntu 6.06 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3.diff.gz Size/MD5: 31101 bd2a94f0578416e4ad7ed5d8e0eaab15 http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3.dsc Size/MD5: 582 6395ad2276cbfb04535c8e9a760184c2 http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz Size/MD5: 2204322 d87021366fe6488e9dc398fcdcb6ed7d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_amd64.deb Size/MD5: 532580 8bf4846b9b2108f42886784c794c01f6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_i386.deb Size/MD5: 519940 3ddc9cb9cf77bf95d711eef4b3f7851c powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_powerpc.deb Size/MD5: 534426 0385fa88092124b117af7cd37bc2c588 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.3_sparc.deb Size/MD5: 524246 8b1ad8790f52ca7282a76a96b6b134cc -- Ubuntu 7.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1.diff.gz Size/MD5: 47111 588df897391765ca5523e6ab611ed32b http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1.dsc Size/MD5: 679 bc6cbaab0f63ef2289c49344ed88d6df http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18.orig.tar.gz Size/MD5: 2381295 c5fc59099be4419d18f59fe8a7946017 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_amd64.deb Size/MD5: 384512 b9f347f8bb3f1209a2f2ba6b69a06eb6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_i386.deb Size/MD5: 339818 611afdfeb25440e65e3d722947408f5c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tar/tar_1.18-2ubuntu1.1_lpia.deb Size/MD5: 339942 1c900b255c7fb9d2f8f7b69a0d737d26 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_powerpc.deb Size/MD5: 359094 b790c9aa4e73dab09ca6892456970b71 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.18-2ubuntu1.1_sparc.deb Size/MD5: 342586 02aa39721b80469a26062f4c86e93b08 ORIGINAL ADVISORY: USN-709-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-January/000827.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------