Vulnerability in GNU "tar"
Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.
Red Hat describes the vulnerability as a directory traversal error, stating that attackers could use manipulated archvies to exploit the bug. "../" directory entries give the attacker the ability to overwrite files for which the executing user has write permissions. The security hole is due to faulty "contains_dot_dot()" function in the "names.c" file. Both Red Hat and the Secunia security service have classified the vulnerability as moderate.
The error affects GNU tar version 1.18 and older. An update and a patch by Red Hat are already available. Other distributions can be expected to follow suit. Users are advised to update their systems.
Issue 43_SI: LibreOffice Expert/Special Editions
Buy this issue as a PDF
News
-
EndeavorOS 21.4 Has Arrived
Arch-based EndeavorOS 21.4 is finally available for download with plenty of new features and improvements.
-
NixOS 21.11 Now Available for Download
NixOS “Porcupine” has been made available for installation and includes numerous improvements.
-
KDE Plasma Developers Introduce a GNOME-Like Overview
A new overview effect makes it easier for users to interact with both Plasma Activities and Virtual Desktops.
-
Rocky Linux 8.5 Now Available with Secure Boot Support
The latest iteration of CentOS alternative, Rocky Linux has arrived and includes numerous updates as well as support for Secure Boot.
-
System76 Developing a New Desktop Environment
The makers of Pop!_OS are currently in the early stages of creating a brand new, non-GNOME, desktop environment.
-
Hetzner Opens New Location in the USA
The Hetzner cost-effective Cloud solution has arrived in the United States to offer cloud servers that offer solid performance without a high price.
-
KDE Plasma 5.24 Introduces Fingerprint Reader Support
The next release of the KDE Plasma desktop environment will include support for fingerprint readers for session authentication and more.
-
Ubuntu 21.10 Released and Finally Includes Gnome 40
The most anticipated update to Ubuntu is finally here and the workflow couldn't be better.
-
Linux Can Now Run on Apple’s M1 Chipset
Linux users looking to take advantage of Apple Silicon are about to get their wish with the M1 chipset.
-
MX Linux 21 RC Candidate Available For Testing
The MX Linux development team has released the RC images for MX Linux 21 for testing purposes.