Vulnerability in GNU "tar"
Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.
Red Hat describes the vulnerability as a directory traversal error, stating that attackers could use manipulated archvies to exploit the bug. "../" directory entries give the attacker the ability to overwrite files for which the executing user has write permissions. The security hole is due to faulty "contains_dot_dot()" function in the "names.c" file. Both Red Hat and the Secunia security service have classified the vulnerability as moderate.
The error affects GNU tar version 1.18 and older. An update and a patch by Red Hat are already available. Other distributions can be expected to follow suit. Users are advised to update their systems.
Issue 220/2019
Buy this issue as a PDF
News
-
Kali Linux 2019.1 Released
The favorite Linux distro of Mr. Robot gets the first update of 2019.
-
Linux Foundation Releases a New Draft of OpenChain Spec
OpenChain provides a standard for open source compliance throughout the software supply chain.
-
Linux Kernel Continues To Offer Mitigation for Spectre Mitigation
Kernel 4.19 has added another family of Spectre vulnerabilities to its list of mitigating the mitigation.
-
SpeakUp Trojan Targets Linux Servers
It’s exploiting a known vulnerability.
-
KDE Plasma 5.15 Beta Arrives
Major improvements to software management.
-
Canonical Announces Latest Ubuntu Core for IoT
Now offers 10 years of support.
-
GitHub Offers Free Private Repositories
Popular source code collaboration site makes a major change to feature set.
-
Linus Torvalds Welcomes 2019 with Linux 5.x
Better support for GPUs and CPUs.
-
Keep your edge with these powerful Linux administration tools:
Keep All Your Linux Servers in Check
Watching the Bad Guys with Cowrie
Become a certified Linux Admin professional with the Linux Professional Institute LPIC-1 Systems Administrator certification.
-
Microsoft Gets an Open Source Web Browser
The company will use Google Chromium web browser as the foundation for its next browser.