RHSA-2010:0505 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: perl-Archive-Tar security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated perl-Archive-Tar package that fixes multiple security issues is
now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The Archive::Tar module provides a mechanism for Perl scripts to manipulate
tar archive files.

Multiple directory traversal flaws were discovered in the Archive::Tar
module. A specially-crafted tar file could cause a Perl script, using the
Archive::Tar module to extract the archive, to overwrite an arbitrary file
writable by the user running the script. (CVE-2007-4829)

This package upgrades the Archive::Tar module to version 1.39_01. Refer to
the Archive::Tar module's changes file, linked to in the References, for a
full list of changes.

Users of perl-Archive-Tar are advised to upgrade to this updated package,
which corrects these issues. All applications using the Archive::Tar module
must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 295021 - CVE-2007-4829 perl-Archive-Tar directory traversal flaws

CVEs

CVE-2007-4829

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm	SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
ia64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux Server 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
ia64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
ia64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux Workstation 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm	SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux Workstation 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
ia64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux Desktop 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm	SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux Desktop 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm	SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
s390x
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
s390x
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
s390
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
s390x
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
s390
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for Power, big endian 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm	SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
ppc
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux for Power, big endian 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
ppc
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm	SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
ppc
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm	SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux Server from RHUI 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm	SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm	SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.