- Package name
- Advisory ID
- Affected versions
- 10.1 i586 , 10.1 x86_64
A vulnerability in cpio was discovered where cpio would create world- writeable files when used in -o/--create mode and giving an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user. Update: The updated cpio packages for 10.1, while they would install with urpmi on the commandline, would not install via rpmdrake. The updated packages correct that.
a298815e1095a9d67216de7a03b165fd 10.1/RPMS/cpio-2.5-4.2.101mdk.i586.rpm 803ce098932b51a8c6e67d240b8de436 10.1/SRPMS/cpio-2.5-4.2.101mdk.src.rpm
294436bfdb9d38edf1e8435ab2875a6a x86_64/10.1/RPMS/cpio-2.5-4.2.101mdk.x86_64.rpm 803ce098932b51a8c6e67d240b8de436 x86_64/10.1/SRPMS/cpio-2.5-4.2.101mdk.src.rpm