Candidate: CVE-2013-4397
PublicDate: 2013-10-17 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4397
 https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html
Description:
 Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725938
Priority: medium
Discovered-by: Timo Warns
Assigned-to:
CVSS:

Patches_libtar:
 upstream: http://repo.or.cz/w/libtar.git/commit/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04
 vendor: http://www.debian.org/security/2013/dsa-2817
upstream_libtar: released (1.2.20-1)
lucid_libtar: ignored (reached end-of-life)
precise_libtar: ignored (reached end-of-life)
precise/esm_libtar: DNE (precise was needed)
quantal_libtar: ignored (reached end-of-life)
raring_libtar: ignored (reached end-of-life)
saucy_libtar: ignored (reached end-of-life)
trusty_libtar: not-affected (1.2.20-1)
trusty/esm_libtar: DNE (trusty was not-affected [1.2.20-1])
utopic_libtar: not-affected (1.2.20-1)
vivid_libtar: not-affected (1.2.20-1)
vivid/stable-phone-overlay_libtar: DNE
vivid/ubuntu-core_libtar: DNE
wily_libtar: not-affected (1.2.20-1)
xenial_libtar: not-affected (1.2.20-1)
yakkety_libtar: not-affected (1.2.20-1)
zesty_libtar: not-affected (1.2.20-1)
devel_libtar: not-affected (1.2.20-1)