Vulnerability in GNU "tar"
Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.
Red Hat describes the vulnerability as a directory traversal error, stating that attackers could use manipulated archvies to exploit the bug. "../" directory entries give the attacker the ability to overwrite files for which the executing user has write permissions. The security hole is due to faulty "contains_dot_dot()" function in the "names.c" file. Both Red Hat and the Secunia security service have classified the vulnerability as moderate.
The error affects GNU tar version 1.18 and older. An update and a patch by Red Hat are already available. Other distributions can be expected to follow suit. Users are advised to update their systems.
Issue 222/2019
Buy this issue as a PDF
News
-
Black Hole Image Has an Open Source Connection
Two imaging libraries responsible for the image are fully open source.
-
Linux Mint Founder Calls for Better Developer Support
Usually cheerful Clement ‘Clem’ Lefebvre says he "hasn't enjoyed" this development cycle.
-
Software Freedom Conservancy Announces End to VMware Lawsuit
VMware agrees to remove the offending code in a future release.
-
Chef Goes All Open Source
The company behind the popular DevOps automation tool is releasing those proprietary add-ons built around the open source core.
-
SUSE Spins off from Parent Company
While IBM has acquired Red Hat, SUSE goes solo.
-
Gnome 3.32 Released
New release of the Gnu desktop comes with many improvements.
-
VMware Rolls Out Essential PKS
Virtualization vendor brings commercial support to upstream Kubernetes.
-
Linux 5.0 Is Here
Linus says don't get excited, but the new release contains some significant updates.
-
Kali Linux 2019.1 Released
The favorite Linux distro of Mr. Robot gets the first update of 2019.
-
Linux Foundation Releases a New Draft of OpenChain Spec
OpenChain provides a standard for open source compliance throughout the software supply chain.