Mandriva Linux Security Advisory : libtar (MDVSA-2014:045)
Medium Nessus Plugin ID 72614
Synopsis: The remote Mandriva Linux host is missing one or more security updates.
Description: A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The library does not validate the filenames inside the tar archive, which allows files to be extracted to arbitrary paths. An attacker can craft a tar file that overwrites files outside the directory given by the prefix parameter of tar_extract_glob and tar_extract_all (CVE-2013-4420).
The updated packages have been patched to correct this issue.
Solution: Update the affected libtar and/or libtar-devel packages.
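The missing check described above, sketched as an added example (this is not the libtar patch or code from the advisory): member names are validated before being joined to the extraction prefix. The helper names `member_name_is_safe` and `safe_extract_path`, the prefix `/tmp/out` and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if a tar member name stays under the prefix it is appended to.
 * Hypothetical helper; conservatively rejects every ".." component. */
int member_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0' || *name == '/')
        return 0;                   /* empty, or absolute path that ignores the prefix */
    while (*p != '\0') {
        size_t len = strcspn(p, "/");       /* length of this path component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;               /* ".." component can climb out of the prefix */
        p += len;
        while (*p == '/')
            p++;                    /* skip one or more separators */
    }
    return 1;
}

/* Build "prefix/name" in out only when the name passes the check.
 * Returns 0 on success, -1 if rejected or the buffer is too small. */
int safe_extract_path(const char *prefix, const char *name,
                      char *out, size_t outlen)
{
    int n;

    if (prefix == NULL || out == NULL || outlen == 0 || !member_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", prefix, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                  /* truncated path must not be used */
    return 0;
}

int main(void)
{
    /* Constructed sample member names, not taken from a real archive */
    const char *names[] = { "docs/readme.txt", "../../etc/passwd",
                            "/etc/passwd", "a/../../b", "..hidden/file" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s %s\n", names[i],
               safe_extract_path("/tmp/out", names[i], path, sizeof path) == 0 ? path : "REJECTED");
    return 0;
}
```

A name check alone does not cover an archive entry that is a symlink pointing outside the prefix, so extraction code also has to refuse to write through symlinks.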