Debian Security Advisory
DSA-2817-1 libtar -- Integer overflow
- Date Reported:
- 14 Dec 2013
- Affected Packages:
- libtar
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 725938.
In Mitre's CVE dictionary: CVE-2013-4397. - More information:
-
Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.
For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.11-6+deb6u1.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.16-1+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 1.2.20-1.
For the unstable distribution (sid), this problem has been fixed in version 1.2.20-1.
We recommend that you upgrade your libtar packages.