CVE-2013-4397 - Numeric Errors vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
Application | | 9 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20131010_LIBTAR_ON_SL6_X.NASL
- description: Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397) Note: This issue only affected 32-bit builds of libtar.
- last seen: 2020-03-18
- modified: 2013-10-11
- plugin id: 70394
- published: 2013-10-11
- reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70394
- title: Scientific Linux Security Update : libtar on SL6.x i386/x86_64 (20131010)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(70394);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");

  script_cve_id("CVE-2013-4397");

  script_name(english:"Scientific Linux Security Update : libtar on SL6.x i386/x86_64 (20131010)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Two heap-based buffer overflow flaws were found in the way libtar
handled certain archives. If a user were tricked into expanding a
specially-
crafted archive, it could cause the libtar executable or an
application using libtar to crash or, potentially, execute arbitrary
code. (CVE-2013-4397)
Note: This issue only affected 32-bit builds of libtar."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=558
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f49fac3a"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected libtar, libtar-debuginfo and / or libtar-devel
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtar-devel");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL6", reference:"libtar-1.2.11-17.el6_4.1")) flag++;
if (rpm_check(release:"SL6", reference:"libtar-debuginfo-1.2.11-17.el6_4.1")) flag++;
if (rpm_check(release:"SL6", reference:"libtar-devel-1.2.11-17.el6_4.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtar / libtar-debuginfo / libtar-devel");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-18808.NASL
- description: fix CVE-2013-4397: buffer overflows by expanding a specially crafted archive Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-10-21
- plugin id: 70529
- published: 2013-10-21
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70529
- title: Fedora 19 : libtar-1.2.11-26.fc19 (2013-18808)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-18808.
#

include("compat.inc");

if (description)
{
  script_id(70529);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-4397");
  script_bugtraq_id(62922);
  script_xref(name:"FEDORA", value:"2013-18808");

  script_name(english:"Fedora 19 : libtar-1.2.11-26.fc19 (2013-18808)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"fix CVE-2013-4397: buffer overflows by expanding a specially crafted
archive
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1014492"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119418.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8693777c"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libtar package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtar");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"libtar-1.2.11-26.fc19")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtar");
}
```

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2013-1418.NASL
- description: An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtar package contains a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397) Note: This issue only affected 32-bit builds of libtar. Red Hat would like to thank Timo Warns for reporting this issue. All libtar users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70400
- published: 2013-10-13
- reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70400
- title: CentOS 6 : libtar (CESA-2013:1418)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:1418 and
# CentOS Errata and Security Advisory 2013:1418 respectively.
#

include("compat.inc");

if (description)
{
  script_id(70400);
  script_version("1.9");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2013-4397");
  script_bugtraq_id(62922);
  script_xref(name:"RHSA", value:"2013:1418");

  script_name(english:"CentOS 6 : libtar (CESA-2013:1418)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated libtar package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
The libtar package contains a C library for manipulating tar archives.
The library supports both the strict POSIX tar format and many of the
commonly used GNU extensions.
Two heap-based buffer overflow flaws were found in the way libtar
handled certain archives. If a user were tricked into expanding a
specially crafted archive, it could cause the libtar executable or an
application using libtar to crash or, potentially, execute arbitrary
code. (CVE-2013-4397)
Note: This issue only affected 32-bit builds of libtar.
Red Hat would like to thank Timo Warns for reporting this issue.
All libtar users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue."
  );
  # https://lists.centos.org/pipermail/centos-announce/2013-October/019969.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8819a465"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libtar packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4397");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtar-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-6", reference:"libtar-1.2.11-17.el6_4.1")) flag++;
if (rpm_check(release:"CentOS-6", reference:"libtar-devel-1.2.11-17.el6_4.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtar / libtar-devel");
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2013-253.NASL
- description: Updated libtar packages fixes security vulnerability : Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code (CVE-2013-4397).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70520
- published: 2013-10-20
- reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70520
- title: Mandriva Linux Security Advisory : libtar (MDVSA-2013:253)

- NASL family: F5 Networks Local Security Checks
- NASL id: F5_BIGIP_SOL16015326.NASL
- description: Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow. (CVE-2013-4397)
- last seen: 2020-03-17
- modified: 2016-02-05
- plugin id: 88582
- published: 2016-02-05
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/88582
- title: F5 Networks BIG-IP : libtar vulnerability (K16015326)

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2013-1418.NASL
- description: From Red Hat Security Advisory 2013:1418 : An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtar package contains a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397) Note: This issue only affected 32-bit builds of libtar. Red Hat would like to thank Timo Warns for reporting this issue. All libtar users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70386
- published: 2013-10-11
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70386
- title: Oracle Linux 6 : libtar (ELSA-2013-1418)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2013-1418.NASL
- description: An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtar package contains a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397) Note: This issue only affected 32-bit builds of libtar. Red Hat would like to thank Timo Warns for reporting this issue. All libtar users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70387
- published: 2013-10-11
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70387
- title: RHEL 6 : libtar (RHSA-2013:1418)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2817.NASL
- description: Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.
- last seen: 2020-03-17
- modified: 2013-12-16
- plugin id: 71442
- published: 2013-12-16
- reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/71442
- title: Debian DSA-2817-1 : libtar - Integer overflow

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-18785.NASL
- description: fix CVE-2013-4397: buffer overflows by expanding a specially crafted archive Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-10-20
- plugin id: 70511
- published: 2013-10-20
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70511
- title: Fedora 18 : libtar-1.2.11-25.fc18 (2013-18785)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-18877.NASL
- description: fix CVE-2013-4397: buffer overflows by expanding a specially crafted archive Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-11-11
- plugin id: 70816
- published: 2013-11-11
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70816
- title: Fedora 20 : libtar-1.2.11-27.fc20 (2013-18877)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201402-19.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201402-19 (libtar: Arbitraty code execution) An integer overflow error within the “th_read()” function when processing long names or link extensions can be exploited to cause a heap-based buffer overflow via a specially crafted archive. Impact : A remote attacker could entice a user to open a specially crafted file using a program linked against libtar, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 72633
- published: 2014-02-23
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/72633
- title: GLSA-201402-19 : libtar: Arbitraty code execution

- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2019-1440.NASL
- description: According to the version of the libtar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.(CVE-2013-4397) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 124943
- published: 2019-05-14
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/124943
- title: EulerOS Virtualization 3.0.1.0 : libtar (EulerOS-SA-2019-1440)

References
- http://www.openwall.com/lists/oss-security/2013/10/10/4
- http://www.openwall.com/lists/oss-security/2013/10/10/6
- http://secunia.com/advisories/55188
- http://rhn.redhat.com/errata/RHSA-2013-1418.html
- http://www.securityfocus.com/bid/62922
- http://secunia.com/advisories/55253
- http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04
- http://www.securitytracker.com/id/1029166
- https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html
- http://www.debian.org/security/2013/dsa-2817
- http://www.securitytracker.com/id/1040106
- https://source.android.com/security/bulletin/2018-01-01