GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability

GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability

References:

Bugzilla Bug 280961: CVE-2007-4476 tar/cpio stack crashing in safer_name_suffix (Red Hat)
[Bug-cpio] [PATCH] lib/paxnames.c: Do not use alloca to avoid stack over (Dmitry V. Levin)
cpio Home Page (GNU)
GNU tar Homepage (GNU)
ASA-2010-133 (Avaya)
ASA-2010-138 cpio security update (RHSA-2010-0144) (Avaya)
Two Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Ov (Sun Microsystems)

Privacy Statement
Copyright 2010, SecurityFocus