LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

tar, cpio: arbitrary code execution

Package(s):tar cpio CVE #(s):CVE-2010-0624
Created:March 16, 2010 Updated:November 21, 2011
Description: From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way tar and expand archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the executable to crash or execute arbitrary code with the privileges of the user running it.

Alerts:
Gentoo 201111-11 2011-11-20
rPath rPSA-2010-0070-1 2010-10-27
SuSE SUSE-SR:2010:011 2010-05-10
Pardus 2010-42 2010-03-29
Fedora FEDORA-2010-4306 2010-03-12
Fedora FEDORA-2010-4302 2010-03-12
Mandriva MDVSA-2010:065 2010-03-23
CentOS CESA-2010:0143 2010-03-17
CentOS CESA-2010:0142 2010-03-17
CentOS CESA-2010:0145 2010-03-17
Fedora FEDORA-2010-4321 2010-03-12
CentOS CESA-2010:0141 2010-03-16
CentOS CESA-2010:0144 2010-03-16
Fedora FEDORA-2010-4309 2010-03-12
Red Hat RHSA-2010:0145-01 2010-03-15
Red Hat RHSA-2010:0144-01 2010-03-15
Red Hat RHSA-2010:0143-01 2010-03-15
Red Hat RHSA-2010:0142-01 2010-03-15
Red Hat RHSA-2010:0141-01 2010-03-15
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds