Lucene search
RedHatRHSA-2010:0141HistoryMar 15, 2010 - 12:00 a.m.
(RHSA-2010:0141) Moderate: tar security update
2010-03-1500:00:00
access.redhat.com
25
EPSS
0.013
Percentile
85.9%
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.
A heap-based buffer overflow flaw was found in the way tar expanded archive
files. If a user were tricked into expanding a specially-crafted archive,
it could cause the tar executable to crash or execute arbitrary code with
the privileges of the user running tar. (CVE-2010-0624)
Red Hat would like to thank Jakob Lell for responsibly reporting the
CVE-2010-0624 issue.
A denial of service flaw was found in the way tar expanded archive files.
If a user expanded a specially-crafted archive, it could cause the tar
executable to crash. (CVE-2007-4476)
Users of tar are advised to upgrade to this updated package, which contains
backported patches to correct these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 4 | s390x | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.s390x.rpm |
| RedHat | 5 | x86_64 | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.x86_64.rpm |
| RedHat | 5 | ppc | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.ppc.rpm |
| RedHat | 4 | x86_64 | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.x86_64.rpm |
| RedHat | 5 | src | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.src.rpm |
| RedHat | 4 | ppc | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.ppc.rpm |
| RedHat | 4 | i386 | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.i386.rpm |
| RedHat | 5 | i386 | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.i386.rpm |
| RedHat | 5 | ia64 | tar | < 1.15.1-23.0.1.el5_4.2 | tar-1.15.1-23.0.1.el5_4.2.ia64.rpm |
| RedHat | 4 | ia64 | tar | < 1.14-13.el4_8.1 | tar-1.14-13.el4_8.1.ia64.rpm |
Related
openvas
openvas
CentOS Update for tar CESA-2010:0141 centos5 i386
2011-08-09 00:00:00
RedHat Update for tar RHSA-2010:0141-01
2010-03-22 00:00:00
CentOS Update for tar CESA-2010:0141 centos4 i386
2010-03-22 00:00:00
centos
centos
tar security update
2010-03-16 12:59:13
cpio security update
2010-03-16 12:58:04
cpio security update
2010-03-17 15:35:58
nessus
nessus
Oracle Linux 5 : cpio (ELSA-2010-0144)
2013-07-12 00:00:00
Scientific Linux Security Update : tar on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : cpio (RHSA-2010:0144)
2010-05-11 00:00:00
oraclelinux
oraclelinux
tar security update
2010-03-15 00:00:00
cpio security update
2010-03-15 00:00:00
tar security update
2010-03-15 00:00:00
redhat
redhat
(RHSA-2010:0144) Moderate: cpio security update
2010-03-15 00:00:00
(RHSA-2010:0142) Moderate: tar security update
2010-03-15 00:00:00
(RHSA-2010:0143) Moderate: cpio security update
2010-03-15 00:00:00
freebsd
freebsd
gtar -- buffer overflow in rmt client
2010-03-24 00:00:00
gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability
2007-11-14 00:00:00
cve
cve
CVE-2010-0624
2010-03-15 13:28:25
CVE-2007-4476
2007-09-05 01:17:00
fedora
fedora
[SECURITY] Fedora 13 Update: cpio-2.10-6.fc13
2010-03-20 03:37:13
[SECURITY] Fedora 11 Update: cpio-2.9.90-8.fc11
2010-03-27 00:57:44
[SECURITY] Fedora 11 Update: tar-1.22-5.fc11
2010-03-27 01:00:53
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:44:05
Arbitrary Code Execution
2020-04-10 00:44:05
cvelist
cvelist
CVE-2010-0624
2010-03-12 20:00:00
CVE-2007-4476
2007-09-05 01:00:00
gentoo
gentoo
GNU Tar: User-assisted execution of arbitrary code
2011-11-20 00:00:00
Cpio: Buffer overflow
2007-11-14 00:00:00
cpio: Arbitrary code execution
2013-11-28 00:00:00
nvd
nvd
CVE-2010-0624
2010-03-15 13:28:25
CVE-2007-4476
2007-09-05 01:17:00
securityvulns
securityvulns
GNU tar / cpio buffer overflow
2010-03-11 00:00:00
GNU tar buffer overflow
2008-10-18 00:00:00
prion
prion
Heap overflow
2010-03-15 13:28:00
Buffer overflow
2007-09-05 01:17:00
debiancve
debiancve
CVE-2010-0624
2010-03-15 13:28:25
CVE-2007-4476
2007-09-05 01:17:00
ubuntu
ubuntu
cpio vulnerability
2008-10-02 00:00:00
tar vulnerability
2009-01-15 00:00:00
GNU cpio vulnerabilities
2015-01-08 00:00:00
osv
osv
cpio - programming error
2008-05-02 00:00:00
tar-1.29-2.1 on GA media
2024-06-15 00:00:00
tar
2007-12-28 00:00:00
ubuntucve
ubuntucve
CVE-2010-0624
2010-03-15 00:00:00
CVE-2007-4476
2007-09-05 00:00:00
exploitdb
exploitdb
seebug
seebug
GNU TAR和CPIO safer_name_suffix远程拒绝服务漏洞
2007-11-17 00:00:00
VMware ESX Service Console多个安全漏洞
2012-01-13 00:00:00
debian
debian
[SECURITY] [DSA 1566-1] New cpio packages fix denial of service
2008-05-02 15:00:29
[SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities
2007-12-28 15:29:40
ibm
ibm
vmware
vmware
VMware ESX third party updates for Service Console
2010-08-31 00:00:00
VMware ESX third party updates for Service Console
2010-08-31 00:00:00