ports/130602: vuxml submission for archivers/gtar
Mark Foster
mark at foster.cc
Fri Jan 16 05:40:02 UTC 2009
>Number: 130602
>Category: ports
>Synopsis: vuxml submission for archivers/gtar
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 16 05:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Mark Foster
>Release: 7.1
>Organization:
Credentia
>Environment:
FreeBSD frau.foster.cc 7.1-RELEASE-p1 FreeBSD 7.1-RELEASE-p1 #4: Sat Jan 10 20:04:30 PST 2009 root at frau.foster.cc:/usr/obj/usr/src/sys/GENERIC i386
>Description:
>How-To-Repeat:
>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="0809ce7d-f672-4924-9b3b-7c74bc279b83">
<topic>gtar -- GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability</topic>
<affects>
<package>
<name>gtar</name>
<range><lt>1.16</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/26445/">
<p>GNUs tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca function.
Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed.
GNU tar and cpio utilities share the same vulnerable code and are both affected. Other utilities sharing this code may also be affected. </p>
</blockquote>
</body>
</description>
<references>
<url>http://www.securityfocus.com/bid/26445/</url>
<cvename>CVE-2007-4476</cvename>
<bid>26445</bid>
</references>
<dates>
<discovery>2007-11-14</discovery>
<entry>2009-01-15</entry>
</dates>
</vuln>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list