Has tar-1.15.1 been built & released for rh7.3?
Jeff Sheltren
sheltren at cs.ucsb.edu
Mon Oct 10 23:22:44 UTC 2005
On Oct 10, 2005, at 5:43 PM, Gene Heskett wrote:
>
> I've been running 1.15.1 on this FC2 box now for about 3 months,
> and it
> appears to be completey compatible. Then I read someplace where a
> security hole had been found in pre 1.15 issues, so I thought I'd
> try to
> upgrade my firewall box, which is still running 7.3, but with a 2.4.29
> kernel.
Hi Gene, the only recent tar report I've seen is regarding tar
preserving setuid/setgid information, which is actually the intended
behavior of tar, so I am not sure that anyone even patched it.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2541 and
http://marc.theaimsgroup.com/?l=bugtraq&m=112327628230258&w=2
I don't think that there are any other (unpatched) security issues
aside from that.
-Jeff
More information about the fedora-legacy-list
mailing list