GNU Tar Hostile Destination Path Vulnerability

GNU Tar Hostile Destination Path Vulnerability

Solution:
NOTE: Allot NetEnforcer includes a vulnerable version of GNU tar. The vendor has addressed this issue in NetEnforcer 4.2.4 by using GNU cpio instead. The vendor has also announced that Allot NetEnforcer will include updated tar packages as soon as GNU provides them.

Please see the referenced advisories for more information.

GNU tar 1.13

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

GNU tar 1.13.11

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

GNU tar 1.13.14

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

GNU tar 1.13.16

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

GNU tar 1.13.17

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

GNU tar 1.13.18

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

GNU tar 1.13.19

Conectiva tar-1.13.25-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/tar-1.13.25-1U60_1cl.i386 .rpm

Conectiva tar-1.13.25-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/tar-1.13.25-1U70_1cl.i386 .rpm

Conectiva tar-1.13.25-2U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/tar-1.13.25-2U80_1cl.i386.r pm

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Corporate Server 1.0.1
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Mandrake Linux 7.1
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Mandrake Linux 7.2
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Mandrake Linux 8.0
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Mandrake Linux 8.1
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Mandrake Linux 8.2
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Mandrake Linux 9.0
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm
Single Network Firewall 7.2
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.ia64.rpm
Mandrake Linux 8.1/ia64
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.ppc.rpm
Mandrake Linux 8.0/ppc
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft tar-1.13.25-6.2mdk.ppc.rpm
Mandrake Linux 8.2/ppc
http://www.mandrakesecure.net/en/ftp.php

Red Hat tar-1.13.25-1.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tar-1.13.25-1.6.alpha.rpm

Red Hat tar-1.13.25-1.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tar-1.13.25-1.6.i386.rpm

Red Hat tar-1.13.25-1.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tar-1.13.25-1.6.sparc.rpm

Red Hat tar-1.13.25-4.7.1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm

Red Hat tar-1.13.25-4.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm

Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tar-1.13.25-4.7.1.i386.rpm

Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tar-1.13.25-4.7.1.i386.rpm

Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tar-1.13.25-4.7.1.i386.rpm

Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/tar-1.13.25-4.7.1.i386.rpm

Red Hat tar-1.13.25-4.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm

Red Hat tar-1.13.25-4.7.1.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm

GNU tar 1.13.5

GNU tar-1.13.25.tar.gz
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz