(RHSA-2010:0144) Moderate: cpio security update

2010-03-1500:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

86.7%

JSON

GNU cpio copies files into or out of a cpio or tar archive.

A heap-based buffer overflow flaw was found in the way cpio expanded
archive files. If a user were tricked into expanding a specially-crafted
archive, it could cause the cpio executable to crash or execute arbitrary
code with the privileges of the user running cpio. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting the
CVE-2010-0624 issue.

A denial of service flaw was found in the way cpio expanded archive files.
If a user expanded a specially-crafted archive, it could cause the cpio
executable to crash. (CVE-2007-4476)

Users of cpio are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5s390xcpio< 2.6-23.el5_4.1cpio-2.6-23.el5_4.1.s390x.rpm
RedHat5srccpio< 2.6-23.el5_4.1cpio-2.6-23.el5_4.1.src.rpm
RedHat5ia64cpio< 2.6-23.el5_4.1cpio-2.6-23.el5_4.1.ia64.rpm
RedHat5i386cpio< 2.6-23.el5_4.1cpio-2.6-23.el5_4.1.i386.rpm
RedHat5ppccpio< 2.6-23.el5_4.1cpio-2.6-23.el5_4.1.ppc.rpm
RedHat5x86_64cpio< 2.6-23.el5_4.1cpio-2.6-23.el5_4.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	s390x	cpio	< 2.6-23.el5_4.1	cpio-2.6-23.el5_4.1.s390x.rpm
RedHat	5	src	cpio	< 2.6-23.el5_4.1	cpio-2.6-23.el5_4.1.src.rpm
RedHat	5	ia64	cpio	< 2.6-23.el5_4.1	cpio-2.6-23.el5_4.1.ia64.rpm
RedHat	5	i386	cpio	< 2.6-23.el5_4.1	cpio-2.6-23.el5_4.1.i386.rpm
RedHat	5	ppc	cpio	< 2.6-23.el5_4.1	cpio-2.6-23.el5_4.1.ppc.rpm
RedHat	5	x86_64	cpio	< 2.6-23.el5_4.1	cpio-2.6-23.el5_4.1.x86_64.rpm