mailing list archives
rPSA-2007-0222-1 cpio tar
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Tue, 23 Oct 2007 19:37:06 -0400
rPath Security Advisory: 2007-0222-1
Products: rPath Linux 1
Exposure Level Classification:
Indirect Deterministic Denial of Service
cpio=conary.rpath.com () rpl:1/2.6-14.1-1
tar=conary.rpath.com () rpl:1/1.15.1-7.3-1
rPath Issue Tracking System:
Previous versions of the cpio and tar packages are vulnerable to a
Denial of Service attack in which an attacker can use a malformed
archive file to cause a stack-based buffer overflow, crashing the
application. It is not believed that this vulnerability can be
exploited to execute malicious code.
Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
- rPSA-2007-0222-1 cpio tar rPath Update Announcements (Oct 24)