CVE-2010-0624

Priority
Description
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in
the rmt client functionality in GNU tar before 1.23 and GNU cpio before
2.11 allows remote rmt servers to cause a denial of service (memory
corruption) or possibly execute arbitrary code by sending more data than
was requested, related to archive filenames that contain a : (colon)
character.
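The missing bound described above, as an added example that is not the paxutils code: a simplified in-memory model of a client handling a read reply. The function names, the `READ_ERROR` sentinel and the sample replies are constructed for illustration, and the `A<count>\n` status line followed by the payload is assumed as the reply format.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define READ_ERROR ((size_t) -1)   /* hypothetical error sentinel */

/* Parse the "A<count>\n" status line of a constructed server reply.
   Returns the offset of the payload, or 0 if the line is malformed. */
static size_t parse_status(const char *reply, size_t reply_len, size_t *count)
{
    const char *nl = memchr(reply, '\n', reply_len);
    unsigned long long v;
    char *end;

    if (reply_len < 3 || reply[0] != 'A' || nl == NULL)
        return 0;
    if (reply[1] < '0' || reply[1] > '9')   /* no sign, no whitespace */
        return 0;
    errno = 0;
    v = strtoull(reply + 1, &end, 10);
    if (errno != 0 || end != nl || v > (size_t) -1)
        return 0;
    *count = (size_t) v;
    return (size_t) (nl - reply) + 1;
}

/* Copy the payload only if the server stayed within what was requested. */
size_t rmt_read_checked(const char *reply, size_t reply_len,
                        char *buffer, size_t length)
{
    size_t count = 0, off = parse_status(reply, reply_len, &count);

    if (off == 0)
        return READ_ERROR;
    if (count > length)            /* server reports more than requested */
        return READ_ERROR;
    if (count > reply_len - off)   /* payload shorter than reported */
        return READ_ERROR;
    memcpy(buffer, reply + off, count);
    return count;
}

int main(void)
{
    char buf[8];
    size_t ok = rmt_read_checked("A5\nhello", 8, buf, sizeof buf);
    size_t bad = rmt_read_checked("A16\nAAAAAAAAAAAAAAAA", 20, buf, sizeof buf);
    printf("honest=%zu oversized_rejected=%d\n", ok, bad == READ_ERROR);
    return 0;
}
```

Without the `count > length` comparison, the copy length would come entirely from the server's status line rather than from the size of the caller's buffer.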
Notes
sbeattie: both tar and cpio get their rmt client from paxutils
Package
Source: cpio (LP Ubuntu Debian)
Upstream: needed
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (2.11-4ubuntu1)
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2010-0143.html
Upstream: http://git.savannah.gnu.org/cgit/paxutils.git/diff/lib/rtapelib.c?id=9bc39283e4cc6ab9e5913ccbf766998eab4ff093
Package
Source: tar (LP Ubuntu Debian)
Upstream: needed
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (1.23-3)
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2010-0142.html
Upstream: http://git.savannah.gnu.org/cgit/paxutils.git/diff/lib/rtapelib.c?id=9bc39283e4cc6ab9e5913ccbf766998eab4ff093
Updated: 2019-12-05 20:54:38 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)