(RHSA-2007:0245) Low: cpio security and bug fix update

2007-05-01T04:00:00
ID RHSA-2007:0245
Type redhat
Reporter RedHat
Modified 2017-09-08T12:14:17

Description

GNU cpio copies files into or out of a cpio or tar archive.

A buffer overflow was found in cpio on 64-bit platforms. By tricking a user into adding a specially crafted large file to a cpio archive, a local attacker may be able to exploit this flaw to execute arbitrary code with the target user's privileges. (CVE-2005-4268)

This erratum also addresses the following bugs:

  • cpio did not set exit codes appropriately.

  • cpio did not create a RAM disk properly.

All users of cpio are advised to upgrade to this updated package, which contains backported fixes to correct these issues.