Patch-ID# 118192-05


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security metropolis file-roller gtar
Synopsis: SunOS 5.9_x86: gtar patch
Date: Apr/19/2010


Install Requirements: NA

Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 118191

Topic: SunOS 5.9_x86: gtar patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
506995815217348
640704515322860
661627815430399
670513115481984
681290515546362
683586415559788
693021415625822


Changes incorporated in this version: 6930214

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/sfw/bin/gtar
/usr/sfw/bin/tar
/usr/sfw/libexec/grmt
/usr/sfw/libexec/rmt

Problem Description:

6930214 CVE-2010-0624: heap-based buffer overflow in GNU tar
 
(from 118192-04)
 
6616278 upgrade GNU tar (gtar) to 1.19 or greater to address CVE-2007-4131
6835864 upgrade GNU tar (gtar) to version 1.22
 
(from 118192-03)
 
6812905 /usr/sfw/bin/gtar has incorrect rmt path compiled in
 
(from 118192-02)
 
6407045 upgrade GNU tar (gtar) to 1.15.90 to address CVE-2006-0300
6705131 gtar can produce broken archives when used with -M option
 
(from 118192-01)
 
5069958 [metropolis]: file-roller does not display multibyte characters


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
Not all patches listed in this section as needed for the completion
of a fix or feature, may be available at the same time as this patch.
This allows the remaining fixes/features to be made available sooner.
 
NOTE 1: To get the full fix for BugId's:
 
        5069958 [metropolis]: file-roller does not display multibyte characters
                (includes gtar man pages)
        6407045 upgrade GNU tar (gtar) to 1.15.90 to address CVE-2006-0300
        6705131 gtar can produce broken archives when used with -M option
 
        please also install following patches:
 
        114015-09 (or greater)  libxml and Freeware man pages patch
        116341-03 (or greater)  gzip patch
        118190-01 (or greater)  Freeware localizable message file patch
        118194-02 (or greater)  gtar source patch
 
NOTE 2: To get the full fix for BugId's:
 
        6835864 upgrade GNU tar (gtar) to version 1.22
        6616278 upgrade GNU tar (gtar) to 1.19 or greater to address
                CVE-2007-4131
 
        please also install following patches:
 
        116341-08 (or greater)  gzip and Freeware info files patch
        118194-03 (or greater)  gtar source patch
 
         However, note that these two patches aren't necessary to get the
         operational parts of the fixes; they update documentation and
         source code files.


README -- Last modified date: Saturday, November 10, 2012