libtar: Arbitrary code execution

Synopsis: A buffer overflow in libtar might allow remote attackers to execute arbitrary code or cause a Denial of Service condition.

Package: dev-libs/libtar
Announced: 2014-02-21
Revised: 2014-02-21
Bug: 487420
Access: remote
Affected versions: < 1.2.20-r2
Unaffected versions: >= 1.2.20-r2

libtar is a C library for manipulating POSIX tar files.

An integer overflow error within the “th_read()” function when processing long names or link extensions can be exploited to cause a heap-based buffer overflow via a specially crafted archive.

A remote attacker could entice a user to open a specially crafted file using a program linked against libtar, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
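To make the defensive point concrete, the following is an added example (not libtar's own code, and not the actual th_read() fix) of how a tar long-name/link extension can be sized safely: the 12-byte octal size field is parsed with an overflow check, the declared size is bounded before any block arithmetic happens, and the allocation is done in size_t rather than int. The function names, the MAX_EXT_BYTES bound and the in-memory archive are constructed for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define T_BLOCKSIZE 512
/* Constructed upper bound for a long-name/link extension; not a libtar value. */
#define MAX_EXT_BYTES (64UL * 1024UL)

/* Parse the 12-byte octal size field of a tar header.
 * Returns 0 and sets *out on success, -1 on non-octal input or overflow. */
int tar_parse_size(const char field[12], uint64_t *out)
{
    uint64_t v = 0;
    int i = 0, digits = 0;
    while (i < 12 && field[i] == ' ') i++;          /* leading padding */
    for (; i < 12 && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7') return -1;
        if (v > (UINT64_MAX >> 3)) return -1;       /* shift would overflow */
        v = (v << 3) | (uint64_t)(field[i] - '0');
        digits++;
    }
    if (digits == 0) return -1;
    *out = v;
    return 0;
}

/* Round sz up to whole blocks, refusing sizes that exceed the bound or would
 * overflow size_t. Bounding sz first is what stops a crafted header from
 * making the block arithmetic wrap into an allocation smaller than the data
 * that is later read into it. */
int ext_alloc_bytes(uint64_t sz, size_t *alloc)
{
    if (sz == 0 || sz > MAX_EXT_BYTES) { errno = E2BIG; return -1; }
    size_t blocks = (size_t)(sz / T_BLOCKSIZE) + ((sz % T_BLOCKSIZE) ? 1 : 0);
    if (blocks > SIZE_MAX / T_BLOCKSIZE) { errno = E2BIG; return -1; }
    *alloc = blocks * T_BLOCKSIZE;
    return 0;
}

/* Simulated read of a long-name extension from an in-memory archive:
 * size_field is the header's size field, data/data_len is what follows it.
 * Returns a NUL-terminated copy the caller frees, or NULL with errno set if
 * the header is rejected or the archive is shorter than the header claims. */
char *read_longname(const char size_field[12], const char *data, size_t data_len)
{
    uint64_t sz;
    size_t alloc;
    if (tar_parse_size(size_field, &sz) != 0) { errno = EINVAL; return NULL; }
    if (ext_alloc_bytes(sz, &alloc) != 0) return NULL;
    if (data_len < alloc) { errno = EINVAL; return NULL; }  /* truncated archive */
    char *name = malloc(alloc + 1);
    if (!name) return NULL;
    memcpy(name, data, alloc);
    /* The extension is padded to a block boundary; the declared size sz bounds
     * the real name, so terminate at sz rather than trusting the padding. */
    name[sz] = '\0';
    return name;
}

int main(void)
{
    /* Constructed archive fragment: a 15-byte name in one padded block. */
    char blob[T_BLOCKSIZE] = "hello_world.txt";
    char *n = read_longname("00000000017", blob, sizeof blob);
    printf("accepted: %s\n", n ? n : "(rejected)");
    free(n);
    n = read_longname("77777777777", blob, sizeof blob);
    printf("oversized header: %s\n", n ? n : "(rejected)");
    free(n);
    return 0;
}
```

The ordering matters: the size is parsed and bounded before it is converted to a block count, so no intermediate value can wrap, and the caller also checks that the archive really contains the declared number of bytes rather than reading past its end.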

There is no known workaround at this time.

All libtar users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libtar-1.2.20-r2"

References: CVE-2013-4397

Requester: pinkbyte
Submitter: pinkbyte