PT-2007-7484 · Gnu+3 · Tar+3
Published: 1970-01-01 · Updated: 2021-05-17
CVE-2007-4476
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
tar versions 1.14 through 1.15.1
Debian GNU/Linux (affected versions not specified)
CentOS (affected versions not specified)
Red Hat Enterprise Linux (affected versions not specified)
Description
This entry covers multiple vulnerabilities in the tar package shipped by several operating systems, including Debian GNU/Linux, CentOS, and Red Hat Enterprise Linux. They can be exploited remotely and may lead to breaches of the confidentiality, integrity, and availability of protected information. A buffer overflow has been identified in the safer_name_suffix function in GNU tar, resulting in a crashing stack.
Recommendations
For tar versions 1.14 through 1.15.1, consider disabling the safer_name_suffix function as a temporary workaround until a patch is available.
For Debian GNU/Linux, update to a version that includes the fix for the tar package vulnerabilities.
For CentOS, update to a version that includes the fix for the tar package vulnerabilities.
For Red Hat Enterprise Linux, update to a version that includes the fix for the tar package vulnerabilities.
For some of the affected operating systems, there is currently no information about a newer version that contains a fix for this vulnerability.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
Debian
Red Hat
Tar