Vulnerability in GNU "tar"
Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.
Red Hat describes the vulnerability as a directory traversal error, stating that attackers could use manipulated archvies to exploit the bug. "../" directory entries give the attacker the ability to overwrite files for which the executing user has write permissions. The security hole is due to faulty "contains_dot_dot()" function in the "names.c" file. Both Red Hat and the Secunia security service have classified the vulnerability as moderate.
The error affects GNU tar version 1.18 and older. An update and a patch by Red Hat are already available. Other distributions can be expected to follow suit. Users are advised to update their systems.
Issue 224/2019
Buy this issue as a PDF
News
-
Chromium-Based Browsers Will Ignore Google’s Ad-Blocking Ban
Brave Opera and Vivaldi will not implement Google’s changes that will cripple ad-blockers.
-
Zorin OS 15 Released
The new release is based on Ubuntu 18.04 LTS.
-
Ubuntu to Package Proprietary Nvidia Driver
Canonical is making it easier for users to install proprietary Nvidia drivers.
-
openSUSE Leap 15.1 Released
Better hardware support.
-
Red Hat Enterprise Linux 8 Available
An OS redesigned for the hybrid cloud era.
-
Google Brings Linux to Chromebook
All new Chromebooks will be capable of running Linux.
-
Fedora Project Announces Fedora 30
The latest version comes with new tools and a new alignment of the various Fedora editions.
-
The Apache Software Foundation Completes Migration To GitHub
The foundation has decommissioned its own Git service.
-
Canonical Combines its Services in a Single Package
Now customers can gain access to all of its services under Ubuntu Advantage offering.
-
Black Hole Image Has an Open Source Connection
Two imaging libraries responsible for the image are fully open source.