REDHAT-BUG-280961
First published: Thu Sep 06 2007(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2007-4476">CVE-2007-4476</a> to the following vulnerability: Bug in the safer_name_suffix function in GNU tar may lead to a "crashing stack". It can be used to crash tar while extracting archive containing file with long name containing unsafe prefix. Affected function is also part of cpio source code. References: <a href="http://www.novell.com/linux/security/advisories/2007_18_sr.html">http://www.novell.com/linux/security/advisories/2007_18_sr.html</a> <a href="http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html">http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu tar | ||
| GNU Cpio |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2007-4476
- http://www.novell.com/linux/security/advisories/2007_18_sr.html
- http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html
- http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=236281&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=236281&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=280961#c1
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=245931&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=245931&action=edit
- https://rhn.redhat.com/errata/RHSA-2010-0141.html
- https://rhn.redhat.com/errata/RHSA-2010-0144.html
- https://bugzilla.redhat.com/show_bug.cgi?id=280961
Frequently Asked Questions
What is the severity of REDHAT-BUG-280961?
The severity of REDHAT-BUG-280961 is considered moderate, as it can lead to crashes in the GNU tar application.
How do I fix REDHAT-BUG-280961?
To fix REDHAT-BUG-280961, ensure you are using the latest version of GNU tar or apply the recommended patches provided by your distribution.
What is the impact of REDHAT-BUG-280961?
The impact of REDHAT-BUG-280961 is that it can cause the GNU tar application to crash during the extraction of certain tar files.
What software is affected by REDHAT-BUG-280961?
REDHAT-BUG-280961 affects GNU tar and GNU cpio, potentially leading to application crashes.
Is there a workaround for REDHAT-BUG-280961?
A potential workaround for REDHAT-BUG-280961 is to avoid extracting tar files from untrusted sources until the vulnerability is resolved.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-4476
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/ubuntu tar
- canonical/ubuntu cpio