FreeBSD-SA-07:05.libarchive - Errors handling corrupt tar files in libarchive(3)

So, it has been a while since the last FreeBSD-SA, but...

I. Background

The libarchive library provides a flexible interface for reading and
writing streaming archive files such as tar and cpio, and has been the
basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3.


III. Impact

An attacker who can cause a corrupt archive of his choice to be parsed
by libarchive, including by having "tar -x" (extract) or "tar -t" (list
entries) run on it, can cause libarchive to enter an infinite loop, to
core dump, or possibly to execute arbitrary code provided by the

So, as the SA says, either upgrade to a fixed version, or apply the patch and rebuild the affected files.