52 matches found
MiracleLinux 3 : tar-1.15.1-23.0.1.AXS3.2 (AXSA:2010-148:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-148:01 advisory. The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that archive. Tar can also be...
MiracleLinux 3 : cpio-2.6-23.AXS3.1 (AXSA:2010-146:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-146:01 advisory. GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them,...
NewStart CGSL MAIN 4.05 : tar Multiple Vulnerabilities (NS-SA-2019-0153)
The remote NewStart CGSL host, running version MAIN 4.05, has tar packages installed that are affected by multiple vulnerabilities: - Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecifie...
Security Bulletin: IBM Flex System Manager (FSM) is affected by tar vulnerabilities (CVE-2010-0624 CVE-2016-6321)
Summary Multiple security vulnerabilities have been identified in the tar command that is embedded in IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2010-0624 DESCRIPTION: GNU Tar and GNU Cpio are vulnerable to a heap-based buffer overflow, caused by...
Oracle: Security Advisory (ELSA-2010-0144)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Oracle: Security Advisory (ELSA-2010-0141)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 201311-21
Gentoo Linux Local Security Checks GLSA 201311-21 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...
Ubuntu: Security Advisory (USN-2456-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 14.04 LTS : GNU cpio vulnerabilities (USN-2456-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2456-1 advisory. Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that...
USN-2456-1: GNU cpio vulnerabilities
Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the...
USN-2456-1 cpio vulnerabilities
Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the...
Oracle Linux 3 : cpio (ELSA-2010-0145)
From Red Hat Security Advisory 2010:0145 : An updated cpio package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU cpio copies files into or out of a cpio or ta...
Oracle Linux 4 : cpio (ELSA-2010-0143)
From Red Hat Security Advisory 2010:0143 : An updated cpio package that fixes one security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU cpio copies files into or out of a cpio or tar...
Oracle Linux 5 : tar (ELSA-2010-0141)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2010-0141 advisory. - CVE-2007-4476 - fix stack crashing in safer_name_suffix Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 3 : tar (ELSA-2010-0142)
From Red Hat Security Advisory 2010:0142 : An updated tar package that fixes one security issue is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in on...
Scientific Linux Security Update : cpio on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2005-4268 cpio large filesize buffer overflow CVE-2007-4476 tar/cpio stack crashing in safer_name_suffix CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially crafted archive A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user wer...
Gentoo Security Advisory GLSA 201111-11 (tar)
The remote host is missing updates announced in advisory GLSA 201111-11. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CentOS Update for tar CESA-2010:0141 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
SuSE 11 Security Update : tar (SAT Patch Number 2124)
A malicious remote tape server could cause a buffer overflow in tar. To exploit this, an attacker would have to trick the victim into extracting a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local option to avoid su...
SuSE 10 Security Update : cpio (ZYPP Patch Number 6948)
This update fixes a heap-based buffer overflow flaw that can happen while expanding specially crafted archive files. (CVE-2010-0624) It also contains changes for: fixed Dat160 Tape Drive density information bnc415166 fixed cpio issues with file sizes = 2^32 fixed handling eof and eod marks...