|| ||rPath Update Announcements <firstname.lastname@example.org>|
|| ||email@example.com, firstname.lastname@example.org|
|| ||rPSA-2007-0222-1 cpio tar|
|| ||Tue, 23 Oct 2007 19:37:06 -0400|
|| ||email@example.com, firstname.lastname@example.org,
rPath Security Advisory: 2007-0222-1
Products: rPath Linux 1
Exposure Level Classification:
Indirect Deterministic Denial of Service
rPath Issue Tracking System:
Previous versions of the cpio and tar packages are vulnerable to a
Denial of Service attack in which an attacker can use a malformed
archive file to cause a stack-based buffer overflow, crashing the
application. It is not believed that this vulnerability can be
exploited to execute malicious code.
Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
to post comments)