-rw-r--r--chapter01/changelog.xml3
-rw-r--r--chapter03/patches.xml7
-rw-r--r--chapter06/tar.xml5
-rw-r--r--patches.ent1
4 files changed, 16 insertions, 0 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index 288978dbb..1ccb98db0 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -39,6 +39,9 @@
<listitem>
<para>April 14, 2006</para>
<itemizedlist>
+ <listitem>
+ <para>[ken] - Add security patch for tar to address CVE-2006-0300.</para>
+ </listitem>
<listitem>
<para>[archaic] - Upgraded to man-pages-2.29 and linux-2.6.16.5. No
command changes.</para>
diff --git a/chapter03/patches.xml b/chapter03/patches.xml
index 3bb1068b4..202dd3ac3 100644
--- a/chapter03/patches.xml
+++ b/chapter03/patches.xml
@@ -201,6 +201,13 @@
</varlistentry>
<varlistentry>
+ <term>Tar Security Fixes Patch - 4 KB:</term>
+ <listitem>
+ <para><ulink url="&patches-root;&tar-security_fixes-patch;"/></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>Texinfo Multibyte Fixes Patch - 1 KB:</term>
<listitem>
<para><ulink url="&patches-root;&texinfo-multibyte-patch;"/></para>
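Review bot: The new Tar Security Fixes entry gives only a size (`4 KB`) and a download link, so a reader has nothing to verify the fetched file against before applying it as a security fix. The neighbouring Texinfo entry has the same shape, so this looks like the list's convention rather than an oversight in this commit; the list itself starts and ends outside the hunk. A patch that changes how tar handles archives is still a reasonable place to start publishing a digest, for example `<para>Digest: <literal>PLACEHOLDER_PATCH_DIGEST</literal></para>` after the `<ulink>` paragraph. The scheme behind `&patches-root;` is not visible here; if it is plain HTTP, the digest matters more.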
diff --git a/chapter06/tar.xml b/chapter06/tar.xml
index 2d04c4364..ee06b442e 100644
--- a/chapter06/tar.xml
+++ b/chapter06/tar.xml
@@ -54,6 +54,11 @@
<screen><userinput>patch -Np1 -i ../&tar-sparse_fix-patch;</userinput></screen>
+ <para>Recent versions of tar are vulnerable to a buffer overflow from
+ specially crafted archives. The following patch addresses this:</para>
+
+<screen><userinput>patch -Np1 -i ../&tar-security_fixes-patch;</userinput></screen>
+
<para>Prepare Tar for compilation:</para>
<screen><userinput>./configure --prefix=/usr --bindir=/bin --libexecdir=/usr/sbin</userinput></screen>
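Review bot: The added paragraph says only "Recent versions of tar are vulnerable to a buffer overflow", while the changelog entry in the same commit names CVE-2006-0300. The build page is where a reader decides whether a patch can be skipped, so the identifier belongs here too, e.g. `<para>Tar is vulnerable to a buffer overflow when reading specially crafted archives (CVE-2006-0300). The following patch addresses this:</para>`. The patch file name says `security_fixes` in the plural, so if it carries more than this one fix the text should say so. The section continues outside the hunk.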
diff --git a/patches.ent b/patches.ent
index fa33436cb..03a8f7d40 100644
--- a/patches.ent
+++ b/patches.ent
@@ -46,6 +46,7 @@
<!ENTITY tar-gcc4_fix-patch "tar-&tar-version;-gcc4_fix_tests-1.patch">
<!ENTITY tar-sparse_fix-patch "tar-&tar-version;-sparse_fix-1.patch">
+<!ENTITY tar-security_fixes-patch "tar-&tar-version;-security_fixes-1.patch">
<!ENTITY texinfo-multibyte-patch "texinfo-&texinfo-version;-multibyte-1.patch">
<!ENTITY texinfo-tempfile_fix-patch "texinfo-&texinfo-version;-tempfile_fix-2.patch">