Red Hat Product Errata RHSA-2007:0245 - Security Advisory

Issued:: 2007-05-01
Updated:: 2007-05-01

RHSA-2007:0245 - Security Advisory

Overview
Updated Packages

Synopsis

Low: cpio security and bug fix update

Type/Severity

Security Advisory: Low

Topic

An updated cpio package that fixes a security issue and various bugs is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

GNU cpio copies files into or out of a cpio or tar archive.

A buffer overflow was found in cpio on 64-bit platforms. By tricking a
user into adding a specially crafted large file to a cpio archive, a local
attacker may be able to exploit this flaw to execute arbitrary code with
the target user's privileges. (CVE-2005-4268)

This erratum also addresses the following bugs:

cpio did not set exit codes appropriately.
cpio did not create a ram disk properly.

All users of cpio are advised to upgrade to this updated package, which
contains backported fixes to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 172865 - CVE-2005-4268 cpio large filesize buffer overflow

CVEs

CVE-2005-4268

References

http://www.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
cpio-2.5-13.RHEL4.ppc.rpm	SHA-256: 4bff87672abcc2e5552f3d43da6889baeea93142e22a331239b23a1a40e25ef5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories