(RHSA-2010:0143) Moderate: cpio security update

2010-03-1500:00:00

access.redhat.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

86.7%

JSON

GNU cpio copies files into or out of a cpio or tar archive.

A heap-based buffer overflow flaw was found in the way cpio expanded
archive files. If a user were tricked into expanding a specially-crafted
archive, it could cause the cpio executable to crash or execute arbitrary
code with the privileges of the user running cpio. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting this
issue.

Users of cpio are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat4s390cpio< 2.5-16.el4_8.1cpio-2.5-16.el4_8.1.s390.rpm
RedHat4ia64cpio< 2.5-16.el4_8.1cpio-2.5-16.el4_8.1.ia64.rpm
RedHat4i386cpio< 2.5-16.el4_8.1cpio-2.5-16.el4_8.1.i386.rpm
RedHat4s390xcpio< 2.5-16.el4_8.1cpio-2.5-16.el4_8.1.s390x.rpm
RedHat4x86_64cpio< 2.5-16.el4_8.1cpio-2.5-16.el4_8.1.x86_64.rpm
RedHat4srccpio< 2.5-16.el4_8.1cpio-2.5-16.el4_8.1.src.rpm
RedHat4ppccpio< 2.5-16.el4_8.1cpio-2.5-16.el4_8.1.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	4	s390	cpio	< 2.5-16.el4_8.1	cpio-2.5-16.el4_8.1.s390.rpm
RedHat	4	ia64	cpio	< 2.5-16.el4_8.1	cpio-2.5-16.el4_8.1.ia64.rpm
RedHat	4	i386	cpio	< 2.5-16.el4_8.1	cpio-2.5-16.el4_8.1.i386.rpm
RedHat	4	s390x	cpio	< 2.5-16.el4_8.1	cpio-2.5-16.el4_8.1.s390x.rpm
RedHat	4	x86_64	cpio	< 2.5-16.el4_8.1	cpio-2.5-16.el4_8.1.x86_64.rpm
RedHat	4	src	cpio	< 2.5-16.el4_8.1	cpio-2.5-16.el4_8.1.src.rpm
RedHat	4	ppc	cpio	< 2.5-16.el4_8.1	cpio-2.5-16.el4_8.1.ppc.rpm