Re: Has tar-1.15.1 been built & released for rh7.3?

[Jeff Sheltren <sheltren cs ucsb edu>]

On Oct 10, 2005, at 5:43 PM, Gene Heskett wrote:
> I've been running 1.15.1 on this FC2 box now for about 3 months,  
> and it
> appears to be completey compatible.  Then I read someplace where a
> security hole had been found in pre 1.15 issues, so I thought I'd  
> try to
> upgrade my firewall box, which is still running 7.3, but with a 2.4.29
> kernel.

Hi Gene, the only recent tar report I've seen is regarding tar  
preserving setuid/setgid information, which is actually the intended  
behavior of tar, so I am not sure that anyone even patched it.

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2541 and
http://marc.theaimsgroup.com/?l=bugtraq&m=112327628230258&w=2

I don't think that there are any other (unpatched) security issues  
aside from that.

-Jeff