From: Tomoaki O. <ok...@so...> - 2007-10-20 09:20:19
|
Hello, I found a directory traversal vulnerability of tar, i.e. CVE-2007-4131. Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131 The patch for this problem can be got from http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch . Please apply it to tar in 10.3/unstable and 10.4/unstable. Thanks, Tomoaki Okayama |