MDKSA-2005:237

Package name

cpio

Date

2005-12-23

Advisory ID

MDKSA-2005:237

Affected versions

2006.0 i586 , 10.2 i586 , 10.2 x86_64 , 2006.0 x86_64

Problem description

A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local
user to create a DoS (crash) and possibly execute arbitrary code when
creating a cpio archive with a file whose size is represented by more
than 8 digits.

The updated packages have been patched to correct these problems.

Updated packages

2006.0 i586

 571d79d56efac2687713e63180f10049  2006.0/RPMS/cpio-2.6-5.1.20060mdk.i586.rpm
 998e92b468e495d779efd10daacae3ad  2006.0/SRPMS/cpio-2.6-5.1.20060mdk.src.rpm

10.2 i586

 b0400cb8878a93cc4e4d4326a0a46641  10.2/RPMS/cpio-2.6-3.3.102mdk.i586.rpm
 ad70b46181e5a9ae2ca7ed97bb2c3853  10.2/SRPMS/cpio-2.6-3.3.102mdk.src.rpm

10.2 x86_64

 0a7ca9d0d1de932219a76dcee4195ff8  x86_64/10.2/RPMS/cpio-2.6-3.3.102mdk.x86_64.rpm
 ad70b46181e5a9ae2ca7ed97bb2c3853  x86_64/10.2/SRPMS/cpio-2.6-3.3.102mdk.src.rpm

2006.0 x86_64

 0bd4e5c9d85826c706232e21d3393317  x86_64/2006.0/RPMS/cpio-2.6-5.1.20060mdk.x86_64.rpm
 998e92b468e495d779efd10daacae3ad  x86_64/2006.0/SRPMS/cpio-2.6-5.1.20060mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268