Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:219
http://www.mandriva.com/security/
Package : tar
Date : November 28, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi
Network Firewall 2.0
Problem Description:
GNU tar 1.16 and 1.15.1, and possibly other versions, allows
user-assisted attackers to overwrite arbitrary files via a tar file
that contains a GNUTYPE_NAMES record with a symbolic link, which is
not properly handled by the extract_archive function in extract.c
and extract_mangle function in mangle.c, a variant of
CVE-2002-1216.
The updated packages have been patched to address this
issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
Updated Packages:
Mandriva Linux 2006.0:
162f61a8fd27d2056e0412ca2db835ec
2006.0/i586/tar-1.15.1-5.2.20060mdk.i586.rpm
ff8a8b9a0438f72f01fc81ee7d36f303
2006.0/SRPMS/tar-1.15.1-5.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
811ff45e7001afef069d024c496eaaf4
2006.0/x86_64/tar-1.15.1-5.2.20060mdk.x86_64.rpm
ff8a8b9a0438f72f01fc81ee7d36f303
2006.0/SRPMS/tar-1.15.1-5.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
2f2b45550cb57234a437143e78a92ce1
2007.0/i586/tar-1.15.91-1.1mdv2007.0.i586.rpm
7adbb2a696af7e9fbc87702c21555c9e
2007.0/SRPMS/tar-1.15.91-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
ad0aa3bb29ff3cad8842dc0b72054761
2007.0/x86_64/tar-1.15.91-1.1mdv2007.0.x86_64.rpm
7adbb2a696af7e9fbc87702c21555c9e
2007.0/SRPMS/tar-1.15.91-1.1mdv2007.0.src.rpm
Corporate 3.0:
4f64d5d13fc887e2698b59f908d144fd
corporate/3.0/i586/tar-1.13.25-11.1.C30mdk.i586.rpm
6f470c1fd005021c072627f4ed720f0b
corporate/3.0/SRPMS/tar-1.13.25-11.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
e7ddc900476c0c202abdcedd28cc7893
corporate/3.0/x86_64/tar-1.13.25-11.1.C30mdk.x86_64.rpm
6f470c1fd005021c072627f4ed720f0b
corporate/3.0/SRPMS/tar-1.13.25-11.1.C30mdk.src.rpm
Corporate 4.0:
23aaf07731b8a40a67fbd1a0d1f282ad
corporate/4.0/i586/tar-1.15.1-5.2.20060mlcs4.i586.rpm
feab531719ee55b58cdb14183d84cfc6
corporate/4.0/SRPMS/tar-1.15.1-5.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
633ca84b42d52bce291a58c348b1a823
corporate/4.0/x86_64/tar-1.15.1-5.2.20060mlcs4.x86_64.rpm
feab531719ee55b58cdb14183d84cfc6
corporate/4.0/SRPMS/tar-1.15.1-5.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
3f07efd5980e45ce55f05364f0e1f4bd
mnf/2.0/i586/tar-1.13.25-11.1.M20mdk.i586.rpm
0b6cd4ea429d91884e9c2fffbd8d0dbc
mnf/2.0/SRPMS/tar-1.13.25-11.1.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Ubuntu
Ubuntu Security Notice USN-385-1 November 27, 2006
tar vulnerability
CVE-2006-6097
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
tar 1.15.1-2ubuntu0.2
Ubuntu 6.06 LTS:
tar 1.15.1-2ubuntu2.1
Ubuntu 6.10:
tar 1.15.91-2ubuntu0.3
In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
Teemu Salmela discovered that tar still handled the deprecated
GNUTYPE_NAMES record type. This record type could be used to create
symlinks that would be followed while unpacking a tar archive. If a
user or an automated system were tricked into unpacking a specially
crafted tar file, arbitrary files could be overwritten with user
privileges.
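As an added illustration (not part of either advisory, and not code from GNU tar), this Python scanner walks the raw 512-byte member headers of an archive and reports any whose typeflag is 'N', the value GNU tar uses for GNUTYPE_NAMES, so such archives can be rejected before extraction. The function names and both sample archives are constructed for this example.

```python
import io

BLOCK = 512
GNUTYPE_NAMES = b"N"  # typeflag of the deprecated GNUTYPE_NAMES record

def _num(field):
    """Decode a tar numeric field (octal text, or GNU base-256 if high bit set)."""
    if field[0] & 0x80:
        return int.from_bytes(bytes([field[0] & 0x7F]) + field[1:], "big")
    text = field.split(b"\0", 1)[0].strip()
    return int(text, 8) if text else 0

def find_names_records(stream):
    """Return [(offset, name)] for each member header with typeflag 'N'."""
    hits, offset = [], 0
    while True:
        header = stream.read(BLOCK)
        if len(header) < BLOCK or header == b"\0" * BLOCK:
            return hits  # end-of-archive marker or truncated input
        # Header checksum counts the checksum field itself as eight spaces.
        if _num(header[148:156]) != sum(header[:148]) + 8 * 32 + sum(header[156:]):
            raise ValueError(f"bad tar header checksum at offset {offset}")
        if header[156:157] == GNUTYPE_NAMES:
            name = header[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
            hits.append((offset, name))
        padded = (_num(header[124:136]) + BLOCK - 1) // BLOCK * BLOCK
        stream.read(padded)  # skip member data without interpreting it
        offset += BLOCK + padded

def _member(name, typeflag, data=b""):
    """Build one constructed header block plus padded data for the sample."""
    h = bytearray(BLOCK)
    h[:len(name)] = name
    h[124:136] = b"%011o\0" % len(data)
    h[148:156] = b" " * 8
    h[156:157] = typeflag
    h[148:156] = b"%06o\0 " % sum(h)
    return bytes(h) + data + b"\0" * (-len(data) % BLOCK)

# Constructed sample archives; the 'N' member carries placeholder bytes only.
CLEAN = _member(b"README", b"0", b"hello\n") + b"\0" * (2 * BLOCK)
FLAGGED = (_member(b"README", b"0", b"hello\n")
           + _member(b"names-record", GNUTYPE_NAMES, b"placeholder\n")
           + _member(b"data.txt", b"0", b"x" * 600)
           + b"\0" * (2 * BLOCK))

if __name__ == "__main__":
    print(find_names_records(io.BytesIO(CLEAN)))
    print(find_names_records(io.BytesIO(FLAGGED)))
```

The scanner only inspects header fields and never extracts anything, so it can run against untrusted uploads before they reach an unpatched tar.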
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2.diff.gz
Size/MD5: 29654
155f4628f9fef19aa20e3927a857fd0d
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2.dsc
Size/MD5: 574
22006def60be25510613a955ca7e90d2
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz
Size/MD5: 2204322
d87021366fe6488e9dc398fcdcb6ed7d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_amd64.deb
Size/MD5: 531932
d507bfc76276c9cc43ebf56f9d69038a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_i386.deb
Size/MD5: 519858
ed19ee38f074d841366737e880a5c626
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_powerpc.deb
Size/MD5: 533886
5d0d477d0bbe5589f5a3181144099c92
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_sparc.deb
Size/MD5: 525056
1fa9aa25fbbc81c4fcf767c28b4eb991
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1.diff.gz
Size/MD5: 30078
32b5ca833a90aa5bcbc3941a07dbf81a
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1.dsc
Size/MD5: 574
c68c40e5d79b9afd13626694b0bcb2d4
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz
Size/MD5: 2204322
d87021366fe6488e9dc398fcdcb6ed7d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_amd64.deb
Size/MD5: 532022
ddcb1e2e8770645f683b462b095ff851
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_i386.deb
Size/MD5: 519384
be7fa1ac67587e1ef574ed457e967454
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_powerpc.deb
Size/MD5: 533876
4b9404feef3aaaf23cf28abd1432517b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_sparc.deb
Size/MD5: 523654
1164fe3b20e4f530df21258907f3cd9d
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3.diff.gz
Size/MD5: 16849
1776a8a649f3fec68c6990accd5f47c8
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3.dsc
Size/MD5: 596
58f9bea1622976afa48a7eb61e8945e8
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91.orig.tar.gz
Size/MD5: 2016367
e2338a16b0464ec03826e000dae990a0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_amd64.deb
Size/MD5: 361636
9580b1e23dc58caf6af9543dbe045dca
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_i386.deb
Size/MD5: 346396
4bb2868d5fc2855a8242c6c89c7afb12
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_powerpc.deb
Size/MD5: 365486
79ddf1293d8e759fd96fee0c612d6000
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_sparc.deb
Size/MD5: 348136
ffdb48742e8bc415682f18d6c74f70c2
Ubuntu Security Notice USN-388-1 November 29, 2006
koffice vulnerability
CVE-2006-6120
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
koffice-libs 1:1.4.1-0ubuntu7.4
After a standard system upgrade you need to restart your Desktop
session to effect the necessary changes.
Details follow:
An integer overflow was discovered in KOffice’s filtering code.
By tricking a user into opening a specially crafted PPT file,
attackers could crash KOffice or possibly execute arbitrary code
with the user’s privileges.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.4.1-0ubuntu7.4.diff.gz
Size/MD5: 68701
00932ef9fcfa1d04bdcd3d02399e6b54
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.4.1-0ubuntu7.4.dsc
Size/MD5: 1048
9afa7821978d0a695ccdac7db1eb3e58
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.4.1.orig.tar.gz
Size/MD5: 21026614
9e214aef83d2a9a6485a831a67b7bcfa
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio-data_1.4.1-0ubuntu7.4_all.deb
Size/MD5: 634772
7fd40e05783a3d9546534195c66648f8
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-data_1.4.1-0ubuntu7.4_all.deb
Size/MD5: 688372
19dbb2fc1879c35b5a059d53313946ce
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc-html_1.4.1-0ubuntu7.4_all.deb
Size/MD5: 326300
2c25ae3bd2059a0df6f70bf548b29454
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.4.1-0ubuntu7.4_all.deb
Size/MD5: 22892
d68438ea3a5948dc30dd595abc4bc323
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 433004
93fa7fdb2ccdf62436a0a3ffc30d4653
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 960898
eddbfe366d1fff0c5d3d57746a6a3d36
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 707762
f21e7cc05b1362495dc4205de91836a1
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 167020
e547f4cd0296e704d21a655ed6c70ed0
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 178454
6885ee6e6db8568fe2e2a31cb24de2f1
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 5552572
9c517913e9b7767472927543bf94bf3c
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 106670
c17f47264ec277cfab98591612f58d48
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 2895504
256232cc7b38ded14892ae87315c5009
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 2574826
de98505de6899025707ae849633adc3f
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 1034992
1c21071eeaca6a441de4a045785e64ed
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 327320
e88c8aac476d63ed0bc9e9ce4b2c1e0a
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 481400
9160377c8719abe32abb55cbbfe8d2f5
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.4.1-0ubuntu7.4_amd64.deb
Size/MD5: 5736518
67e268b62aef4a788260ec46910bd970
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 377394
97d295c575ac98c298a59ead1189def4
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 954852
94bbe0f51a198b020cdd7f6786648aa0
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 701352
80b333ec3aa6ec5c1b51f0a8dc5ede3e
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 153312
f26df7570623906502ff33853e7162e4
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 178460
5322a94138cfe9a6f0c3b1c6a729a992
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 4949830
c90d916c41c1c2119853a0fadd25a3bd
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 101200
24dbfe4d12bd4efcf89f73a02ee992ff
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 2786100
9bc56c55021de36b2c11f99723ab3188
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 2495444
857a4bf9fc8c520ecc01fb408644a8e9
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 967028
699df680dbb7ce1eab59ac96ee98f9cd
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 322374
72f22887c75ed2bc9a36c7b0c62a3e86
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 449560
deb912f53797b36bd78e65a81ae949a8
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.4.1-0ubuntu7.4_i386.deb
Size/MD5: 5463188
6ac4849bd415571b236364cb728d3fa6
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 430582
f48450e917cf6aeccb536054ba890cc6
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 965060
0d03528b35c2d19089cc06205dc878fe
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 706386
d40def53afb5a74e2df3473008dfa91b
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 170472
2c1dbcf8b85434c1a18807ecf4c9c1bd
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 178450
0011685fe0961eb97505a56aa02b6489
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 5218554
96e1c309e419c0394b91a89d8112e9df
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 105184
378a189a9a1907ed4a1eb626ade6c591
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 2831236
11e394a926e1f886f952bd6ebc76b0a7
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 2539898
4649a0d16765302f2ae57834dab875c6
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 996450
057b0926d976e4fc622b2a2f0b599037
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 329264
e5de058fccffb07fbe61f523bd069246
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 466704
13356452d0ddc84ba53b4858321e42f3
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.4.1-0ubuntu7.4_powerpc.deb
Size/MD5: 5618448
803242e6ff1ee5bfe6fcdcfbfdadcf8c
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 384438
71a480d5c3fe9bb5ae737db61acda456
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 956294
eeaec4aada765ce4dee7138760d1b6bf
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 701392
a7330a78760f62f711343961f31675f1
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 151282
184c6d96e4e7f7a25c2714cf0d91382d
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 178472
abd1b00aad73a814063b7081fb20ddc1
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 5099614
9d7cd91aa01ff45d9be2a1f23a8fbe9b
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 101434
62b2d2be3d9efa1d4300ab2f2081eaa8
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 2814930
be78c646f7517399dd3dc665b6f8b3ef
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 2505104
245e4436a592136dbf90a64e01430c49
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 976878
696fa0b29047b2dcde1274f027e1db4e
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 322878
c5f6c230f001041ca02f8330edb3f64f
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 449936
62e05f34fecff064852d405c7556e543
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.4.1-0ubuntu7.4_sparc.deb
Size/MD5: 5533476
14a6ed4aad576147a47dc938a1389511