%package tar
Update: Mon Oct 15 16:07:08 2007
Importance: security
ID: MDKSA-2007:197
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:197

%pre
A buffer overflow in GNU tar has unspecified attack vectors and impact,
resulting in a crashing stack.

Updated packages fix this issue.

%description
The GNU tar program saves many files together into one archive and
can restore individual files (or all of the files) from the archive.
Tar can also be used to add supplemental files to an archive and to
update or list files in the archive.

Tar includes multivolume support, automatic archive compression/
decompression, the ability to perform remote archives and the
ability to perform incremental and full backups.

If you want to use Tar for remote backups, you'll also need to
install the rmt package.

You should install the tar package, because you'll find its
compression and decompression utilities essential for working
with files.


%package util-linux-ng
Update: Mon Oct 15 16:15:13 2007
Importance: security
ID: MDKSA-2007:198
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:198

%pre
The mount and umount programs in util-linux called the setuid() and
setgid() functions in the wrong order and did not check the return
values, which could allow attackers to grain privileges via helper
applications such as mount.nfs.

Updated packages have been patched to fix this issue.

%description
The util-linux-ng package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.  Among
others, Util-linux contains the fdisk configuration tool and the login
program.