[Bug 180299] Re: [tar] [CVE-2007-4476] Buffer overflow

Bug Watch Updater 180299 at bugs.launchpad.net
Thu Oct 26 18:59:04 UTC 2017 

Launchpad has imported 12 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=280961.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2007-09-06T17:01:45+00:00 Tomas wrote:

Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4476
to the following vulnerability:

Bug in the safer_name_suffix function in GNU tar may lead to a "crashing
stack".  It can be used to crash tar while extracting archive containing file
with long name containing unsafe prefix.

Affected function is also part of cpio source code.

References:

http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/0

------------------------------------------------------------------------
On 2007-09-06T17:05:50+00:00 Tomas wrote:

Upstream patch for paxutils / paxlib (used by recent versions of tar and
cpio):

http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4


Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/1

------------------------------------------------------------------------
On 2007-10-24T15:35:04+00:00 Radek wrote:

Created attachment 236281
patch for cpio-2.6

this patch should work for all affected software as the rest of patch from
comment #1 are just optimizations for memory usage (one malloc less)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/2

------------------------------------------------------------------------
On 2007-10-24T15:40:00+00:00 Radek wrote:

Fedora builds of fixed tar are now complete (with the patch from upstream):
  tar-1.15.1-27.fc6
  tar-1.15.1-28.fc7
  tar-1.17-4.fc8
  tar-1.17-4.fc9


Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/3

------------------------------------------------------------------------
On 2007-10-29T19:02:36+00:00 Fedora wrote:

tar-1.15.1-28.fc7 has been pushed to the Fedora 7 stable repository.  If
problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/4

------------------------------------------------------------------------
On 2007-11-01T18:43:20+00:00 Radek wrote:

Created attachment 245931
new patch for cpio-2.6 (this one frees malloc'd memory)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/5

------------------------------------------------------------------------
On 2007-11-02T13:44:11+00:00 Radek wrote:

fixed Fedora builds of cpio:
  cpio-2.6-22.fc6
  cpio-2.6-28.fc7
  cpio-2.9-5.fc8
  cpio-2.9-5.fc9


Reply at: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/6

------------------------------------------------------------------------
On 2007-11-05T15:06:18+00:00 Fedora wrote:

cpio-2.6-28.fc7 has been pushed to the Fedora 7 stable repository.  If
problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/7

------------------------------------------------------------------------
On 2007-11-06T16:05:52+00:00 Fedora wrote:

tar-1.17-4.fc8 has been pushed to the Fedora 8 stable repository.  If
problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/8

------------------------------------------------------------------------
On 2007-11-06T16:08:27+00:00 Fedora wrote:

cpio-2.9-5.fc8 has been pushed to the Fedora 8 stable repository.  If
problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/9

------------------------------------------------------------------------
On 2010-03-15T23:55:40+00:00 errata-xmlrpc wrote:

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0141 https://rhn.redhat.com/errata/RHSA-2010-0141.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/18

------------------------------------------------------------------------
On 2010-03-16T01:15:30+00:00 errata-xmlrpc wrote:

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0144 https://rhn.redhat.com/errata/RHSA-2010-0144.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/comments/19


** Changed in: fedora
       Status: Confirmed => Fix Released

** Changed in: fedora
   Importance: Unknown => Low

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/180299

Title:
  [tar] [CVE-2007-4476] Buffer overflow

Status in tar package in Ubuntu:
  Fix Released
Status in tar source package in Dapper:
  Fix Released
Status in tar source package in Gutsy:
  Fix Released
Status in tar package in Debian:
  Fix Released
Status in Fedora:
  Fix Released
Status in tar package in Gentoo Linux:
  Fix Released

Bug description:
  Binary package hint: tar

  References:
  DSA-1438-1 (http://www.debian.org/security/2007/dsa-1438)
  Bug #161173

  Quoting:
  'Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."'

  I'm reporting this issue for tar, since I didn't found any
  correspoding USN.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/180299/+subscriptions

More information about the foundations-bugs mailing list