===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- www/errata56.html 2015/04/30 19:36:17 1.26
+++ www/errata56.html 2015/04/30 19:49:23 1.27
@@ -337,6 +337,31 @@
A source code patch exists which remedies this problem.
+
+022: SECURITY FIX: April 30, 2015
+ All architectures
+Malformed binaries could trigger kernel panics or view kernel memory.
+
+
+ A source code patch exists which remedies this problem.
+
+
+
+022: SECURITY FIX: April 30, 2015
+ All architectures
+Multiple issues in tar/pax/cpio:
+
+- extracting a malicious archive could create files outside of
+the current directory without using pre-existing symlinks to 'escape',
+and could change the timestamps and modes on preexisting files
+
- tar without -P would permit extraction of paths with ".." components
+
- there was a buffer overflow in the handling of pax extension headers
+
+
+
+ A source code patch exists which remedies this problem.
+
+
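Review bot: Both added entries are headed "022: SECURITY FIX: April 30, 2015", so the tar/pax/cpio erratum reuses the number of the malformed-binaries erratum directly above it. Give the second entry its own number, the next in sequence, so that each erratum and its patch can be cited unambiguously. A smaller wording point in the first entry: "Malformed binaries could trigger kernel panics or view kernel memory" reads as if the binary itself does the viewing. Wording such as "or expose kernel memory" would state the impact more clearly.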