Home page logo

bugtraq logo Bugtraq mailing list archives

rPSA-2007-0222-1 cpio tar
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Tue, 23 Oct 2007 19:37:06 -0400

rPath Security Advisory: 2007-0222-1
Published: 2007-10-23
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Indirect Deterministic Denial of Service
Updated Versions:
    cpio=conary.rpath.com () rpl:1/2.6-14.1-1
    tar=conary.rpath.com () rpl:1/1.15.1-7.3-1

rPath Issue Tracking System:


    Previous versions of the cpio and tar packages are vulnerable to a
    Denial of Service attack in which an attacker can use a malformed
    archive file to cause a stack-based buffer overflow, crashing the
    application.  It is not believed that this vulnerability can be
    exploited to execute malicious code.


Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

  By Date           By Thread  

Current thread:
  • rPSA-2007-0222-1 cpio tar rPath Update Announcements (Oct 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]