===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v
retrieving revision 1.26
retrieving revision 1.27
diff -c -r1.26 -r1.27
*** www/errata56.html 2015/04/30 19:36:17 1.26
--- www/errata56.html 2015/04/30 19:49:23 1.27
***************
*** 337,342 ****
--- 337,367 ----
A source code patch exists which remedies this problem.
+
+ 022: SECURITY FIX: April 30, 2015
+ All architectures
+ Malformed binaries could trigger kernel panics or view kernel memory.
+
+
+ A source code patch exists which remedies this problem.
+
+
+
+ 022: SECURITY FIX: April 30, 2015
+ All architectures
+ Multiple issues in tar/pax/cpio:
+
+ - extracting a malicious archive could create files outside of
+ the current directory without using pre-existing symlinks to 'escape',
+ and could change the timestamps and modes on preexisting files
+
- tar without -P would permit extraction of paths with ".." components
+
- there was a buffer overflow in the handling of pax extension headers
+
+
+
+ A source code patch exists which remedies this problem.
+
+
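Review bot: Both added entries carry the same number: "022: SECURITY FIX: April 30, 2015" heads the malformed-binaries kernel entry and again heads the tar/pax/cpio entry. Errata numbers on this page are meant to identify a single fix, so one of the two needs a different number, and anything in the markup keyed to that number should be checked for the same duplication. A smaller wording point in the first entry: "Malformed binaries could trigger kernel panics or view kernel memory" reads as if the binary itself does the viewing; something like "could trigger kernel panics or expose kernel memory" would say what the risk is more directly.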