CVE-2010-0624

Published: 15 March 2010

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
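The missing bound described above, shown as an added example (not code from paxutils, tar or cpio): a client-side read that rejects a reply whose byte count exceeds what was requested. The `struct reply` in-memory stream and the function names are hypothetical, and the `A<count>\n` framing follows the rmt protocol's success reply.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical in-memory stand-in for the bytes an rmt server sent back. */
struct reply { const char *data; size_t len, pos; };

/* Parse the "A<count>\n" status line; -1 on an error or malformed reply. */
static long parse_status(struct reply *r)
{
    if (r->pos >= r->len || r->data[r->pos] != 'A')
        return -1;                       /* "E<errno>\n..." or garbage */
    const char *start = r->data + r->pos + 1;
    const char *nl = memchr(start, '\n', r->len - r->pos - 1);
    if (nl == NULL || *start < '0' || *start > '9')
        return -1;
    char *end;
    errno = 0;
    long n = strtol(start, &end, 10);    /* stops at or before the newline */
    if (errno != 0 || end != nl)
        return -1;
    r->pos = (size_t)(nl - r->data) + 1;
    return n;
}

/* Copy the payload of a read reply into buf, which holds `requested` bytes. */
ssize_t checked_rmt_read(struct reply *r, char *buf, size_t requested)
{
    long status = parse_status(r);
    if (status < 0)
        return -1;
    /* The server-supplied count is untrusted: it must never exceed the
       number of bytes the client asked for and allocated. */
    if ((size_t)status > requested)
        return -1;
    if ((size_t)status > r->len - r->pos)
        return -1;                       /* payload shorter than announced */
    memcpy(buf, r->data + r->pos, (size_t)status);
    r->pos += (size_t)status;
    return (ssize_t)status;
}
```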

Notes

Author: sbeattie
Note: both tar and cpio get their rmt client from paxutils

Priority

Low

Status

Package Release Status

cpio
upstream Needed
dapper Ignored (end of life)
hardy Ignored (end of life)
intrepid Ignored (end of life, was needed)
jaunty Ignored (end of life)
karmic Ignored (end of life)
lucid Released (2.10-1ubuntu2.1)
maverick Not vulnerable (2.11-4ubuntu1)
natty Not vulnerable (2.11-4ubuntu1)
oneiric Not vulnerable (2.11-4ubuntu1)
precise Not vulnerable (2.11-4ubuntu1)
quantal Not vulnerable (2.11-4ubuntu1)
raring Not vulnerable (2.11-4ubuntu1)
saucy Not vulnerable (2.11-4ubuntu1)
trusty Not vulnerable (2.11-4ubuntu1)
utopic Not vulnerable (2.11-4ubuntu1)
vivid Not vulnerable (2.11-4ubuntu1)
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2010-0143.html
upstream: http://git.savannah.gnu.org/cgit/paxutils.git/diff/lib/rtapelib.c?id=9bc39283e4cc6ab9e5913ccbf766998eab4ff093


tar
dapper Ignored (end of life)
hardy Ignored (end of life)
intrepid Ignored (end of life, was needed)
jaunty Ignored (end of life)
karmic Ignored (end of life)
lucid Ignored (end of life)
maverick Ignored (end of life)
natty Not vulnerable (1.23-3)
oneiric Not vulnerable (1.23-3)
precise Not vulnerable (1.23-3)
quantal Not vulnerable (1.23-3)
raring Not vulnerable (1.23-3)
saucy Not vulnerable (1.23-3)
trusty Not vulnerable (1.23-3)
upstream Needed
utopic Not vulnerable (1.23-3)
vivid Not vulnerable (1.23-3)
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2010-0142.html
upstream: http://git.savannah.gnu.org/cgit/paxutils.git/diff/lib/rtapelib.c?id=9bc39283e4cc6ab9e5913ccbf766998eab4ff093