CVE-2007-4476

Published: 5 September 2007

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Notes

Author: jdstrand
Note: 1.19 has the fixes, 1.18 as included in Gutsy does not

Priority

Low

Status

Package: cpio (Launchpad, Ubuntu, Debian)

Release status:
dapper: Released (2.6-10ubuntu0.3)
edgy: Ignored (end of life, was needed)
feisty: Released (2.6-17ubuntu0.7.04.1)
gutsy: Released (2.8-1ubuntu2.2)
hardy: Not vulnerable (2.9-6ubuntu1)
intrepid: Not vulnerable (2.9-13ubuntu1)
upstream: Released (2.9-5)

Patches:
other: https://bugs.launchpad.net/ubuntu/+source/cpio/+bug/161173
vendor: http://www.debian.org/security/2008/dsa-1566

Package: tar (Launchpad, Ubuntu, Debian)

Release status:
dapper: Released (1.15.1-2ubuntu2.3)
edgy: Ignored (end of life, was needed)
feisty: Ignored (end of life, was needed)
gutsy: Released (1.18-2ubuntu1.1)
hardy: Not vulnerable
intrepid: Not vulnerable
upstream: Released (1.18-2)

Patches:
vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=tar-paxlib-owl-alloca.patch;att=1;bug=441444