Vulnerability in GNU "tar"
Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.
Red Hat describes the vulnerability as a directory traversal error, stating that attackers could use manipulated archvies to exploit the bug. "../" directory entries give the attacker the ability to overwrite files for which the executing user has write permissions. The security hole is due to faulty "contains_dot_dot()" function in the "names.c" file. Both Red Hat and the Secunia security service have classified the vulnerability as moderate.
The error affects GNU tar version 1.18 and older. An update and a patch by Red Hat are already available. Other distributions can be expected to follow suit. Users are advised to update their systems.
Issue 228/2019
Buy this issue as a PDF
News
-
openSUSE OBS Can Now Build Windows WSL Images
openSUSE enables developers to build their own WSL distributions.
-
Sudo Vulnerability
A vulnerability in the sudo package gives sudo users more powers than they deserve.
-
The Art of PostgreSQL
The Art of PostgreSQL by Dimitri Fontaine is now available.
-
Red Hat Announces CentOS Stream
New distro will provide an upstream test bed for RHEL.
-
Linus Torvalds Agrees to Kernel Lockdown
The feature will let developers restrict root access to the kernel.
-
Richard Stallman Resigns from Free Software Foundation
GNU founder came under fire for comments made on an internal MIT mailing list
-
Oracle Announces Autonomous Linux
A new addition to Oracle Linux would eliminate cases like Equifax where failure to patch leads to disaster.
-
The New Kali Linux Is Here
2019.2 supports more Android devices.
-
exFAT Is Coming to Linux
Microsoft has contributed exFAT patents to OIN and also published specifications.
-
Knoppix 8.6 Released
The latest version of the classic Live Linux comes with KDE Plasma 5.