===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata57.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- www/errata57.html 2015/04/30 19:45:14 1.9
+++ www/errata57.html 2015/04/30 19:49:23 1.10
@@ -145,6 +145,31 @@
A source code patch exists which remedies this problem.
+
+022: SECURITY FIX: April 30, 2015
+ All architectures
+Malformed binaries could trigger kernel panics or view kernel memory.
+
+
+ A source code patch exists which remedies this problem.
+
+
+
+022: SECURITY FIX: April 30, 2015
+ All architectures
+Multiple issues in tar/pax/cpio:
+
+- extracting a malicious archive could create files outside of
+the current directory without using pre-existing symlinks to 'escape',
+and could change the timestamps and modes on preexisting files
+
- tar without -P would permit extraction of paths with ".." components
+
- there was a buffer overflow in the handling of pax extension headers
+
+
+
+ A source code patch exists which remedies this problem.
+
+
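
Review bot: Both entries added in this hunk are numbered 022 ("022: SECURITY FIX: April 30, 2015" appears once for the malformed-binaries kernel fix and again for the tar/pax/cpio fix), so the second entry should take the next free erratum number, and any anchor or patch link keyed to that number should be renumbered with it. In the first entry, "Malformed binaries could trigger kernel panics or view kernel memory" reads as if the binary itself does the viewing; wording such as "or disclose kernel memory" would state the impact more clearly. The tar/pax/cpio entry lists three separate issues but closes with "remedies this problem"; "these problems" would match the list.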