Security Information / 2013 / Security Information -- DSA-2817-1 libtar

Debian Security Advisory

DSA-2817-1 libtar -- Integer overflow

Date Reported:

14 Dec 2013

Affected Packages:

libtar

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 725938.
In Mitre's CVE dictionary: CVE-2013-4397.

More information:

Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.11-6+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.16-1+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 1.2.20-1.

For the unstable distribution (sid), this problem has been fixed in version 1.2.20-1.

We recommend that you upgrade your libtar packages.