From: Eren Turkay <eren@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2010-42] tar/cpio: Buffer Overflow
Date: Mon, 29 Mar 2010 22:10:45 +0300 (EEST)
Message-ID: <20100329191045.BD199A7ABD5@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-42 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-03-29
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability has been fixed in GNU tar, which can potentially be
exploited by malicious people to compromise a vulnerable system.
Description
===========
CVE-2010-0624:
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c
in the rmt client functionality in GNU tar before 1.23 and GNU cpio
before 2.11 allows remote rmt servers to cause a denial of service
(memory corruption) or possibly execute arbitrary code by sending more
data than was requested, related to archive filenames that contain a :
(colon) character.
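The bug class described above is a client that trusts the byte count announced by the rmt server. The following is an added illustration, not GNU tar's or cpio's code: a simplified client-side reader for the rmt "A<count>\n" reply that refuses a count larger than the buffer it was asked to fill (the check the affected versions lacked). The reply bytes and function names are constructed for the example.

```c
/* Illustrative, not GNU tar's code: parse a remote-tape (rmt) read reply
 * and copy its payload, refusing replies whose announced byte count
 * exceeds the buffer the caller asked to fill. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* The rmt protocol answers a read request "R<n>\n" with "A<count>\n"
 * followed by <count> bytes of data, or "E<errno>\n<message>\n" on error.
 * A server may announce a <count> larger than <n>; copying that many
 * bytes into an <n>-byte buffer is the CVE-2010-0624 overflow. */
static long parse_ack_count(const unsigned char *reply, size_t reply_len,
                            size_t *header_len)
{
    size_t i;
    for (i = 0; i < reply_len; i++)       /* locate end of status line */
        if (reply[i] == '\n')
            break;
    if (i == reply_len || i < 2 || reply[0] != 'A')
        return -1;                        /* not an "A<count>\n" reply */
    char num[32];
    if (i - 1 >= sizeof num)
        return -1;                        /* absurdly long count field */
    memcpy(num, reply + 1, i - 1);
    num[i - 1] = '\0';
    char *end;
    errno = 0;
    long count = strtol(num, &end, 10);
    if (errno != 0 || *end != '\0' || count < 0)
        return -1;                        /* non-numeric or negative count */
    *header_len = i + 1;
    return count;
}

/* Hardened client side: fill at most `length` bytes of `buffer` from the
 * server reply. Returns bytes copied, or -1 on a malformed, error, or
 * oversized reply. */
long rmt_read_checked(const unsigned char *reply, size_t reply_len,
                      char *buffer, size_t length)
{
    size_t hdr;
    long count = parse_ack_count(reply, reply_len, &hdr);
    if (count < 0)
        return -1;
    if ((size_t)count > length)           /* server promised more than asked */
        return -1;
    if (reply_len - hdr < (size_t)count)  /* payload shorter than announced */
        return -1;
    memcpy(buffer, reply + hdr, (size_t)count);
    return count;
}
```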
Affected packages:
tar-1.21-18-4, all before 2009
cpio-2.9-9-5, all before 2009
cpio-2.9-9-4, all before 2008
tar-1.20-17-4, all before 2008
Resolution
==========
There are update(s) for tar-1.21-18-4, cpio-2.9-9-5, cpio-2.9-9-4,
tar-1.20-17-4. You can update them via Package Manager or with a single
command from console:
pisi up tar-1.21-18-4 cpio-2.9-9-5 cpio-2.9-9-4 tar-1.20-17-4
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12435
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624
* https://bugzilla.redhat.com/show_bug.cgi?id=564368
------------------------------------------------------------------------
_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security