Red Hat Product Errata RHSA-2010:0505 - Security Advisory
Issued:
2010-07-01
Updated:
2010-07-01

RHSA-2010:0505 - Security Advisory

Synopsis

Moderate: perl-Archive-Tar security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated perl-Archive-Tar package that fixes multiple security issues is
now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The Archive::Tar module provides a mechanism for Perl scripts to manipulate
tar archive files.

Multiple directory traversal flaws were discovered in the Archive::Tar
module. A specially-crafted tar file could cause a Perl script, using the
Archive::Tar module to extract the archive, to overwrite an arbitrary file
writable by the user running the script. (CVE-2007-4829)

This package upgrades the Archive::Tar module to version 1.39_01. Refer to
the Archive::Tar module's changes file, linked to in the References, for a
full list of changes.

Users of perl-Archive-Tar are advised to upgrade to this updated package,
which corrects these issues. All applications using the Archive::Tar module
must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 295021 - CVE-2007-4829 perl-Archive-Tar directory traversal flaws

Red Hat Enterprise Linux Server 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
ia64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux Server 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
ia64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
ia64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux Workstation 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux Workstation 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
ia64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux Desktop 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux Desktop 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
x86_64
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
i386
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
s390x
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
s390x
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
s390
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
s390x
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5
s390
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for Power, big endian 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
ppc
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

Red Hat Enterprise Linux for Power, big endian 4

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
ppc
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm SHA-256: 45661bbf502f340aa74aa86ada444e14374f1a41b03b3cf0638d78124df83c68
ppc
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm SHA-256: 4ea53bb26356a89a6a0f876948e0fada80527847dadfe70288f00e2e43e84db5

Red Hat Enterprise Linux Server from RHUI 5

SRPM
perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm SHA-256: 12c724b43ef3e3e94b7eae9a6fa5b20f0777e2b9a5930d0198ee304467dc9e9d
x86_64
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69
i386
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm SHA-256: 2ab2fce9e8a083d900ebd0aac9024d8ad400e0f0ec7a905eaa6602cadd395f69

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.