[SECURITY] Fedora 7 Update: cpio-2.6-28.fc7

updates at fedoraproject.org updates at fedoraproject.org
Mon Nov 5 15:06:17 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2744
2007-11-05 15:06:12.486630
--------------------------------------------------------------------------------

Name        : cpio
Product     : Fedora 7
Version     : 2.6
Release     : 28.fc7
URL         : http://www.gnu.org/software/cpio/
Summary     : A GNU archiving program
Description :
GNU cpio copies files into or out of a cpio or tar archive.  Archives
are files which contain a collection of other files plus information
about them, such as their file name, owner, timestamps, and access
permissions.  The archive can be another file on the disk, a magnetic
tape, or a pipe.  GNU cpio supports the following archive formats:  binary,
old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
tar.  By default, cpio creates binary format archives, so that they are
compatible with older cpio programs.  When it is extracting files from
archives, cpio automatically recognizes which kind of archive it is reading
and can read archives created on machines with a different byte-order.

Install cpio if you need a program to manage file archives.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov  2 2007 Radek Brich <rbrich at redhat.com> 2.6-28
- patch for CVE-2007-4476 (stack crashing in safer_name_suffix)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #280961 - CVE-2007-4476 tar stack crashing in safer_name_suffix
        https://bugzilla.redhat.com/show_bug.cgi?id=280961
  [ 2 ] Bug #363891 - CVE-2007-4476 cpio stack crashing in safer_name_suffix [F8]
        https://bugzilla.redhat.com/show_bug.cgi?id=363891
  [ 3 ] CVE-2007-4476
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476
--------------------------------------------------------------------------------
Updated packages:

911f30a11bdf2238f1a50b91f83d7d21d9455978 cpio-2.6-28.fc7.ppc64.rpm
2383a135ea76390668742d1bb2a9aa6c70ecb544 cpio-debuginfo-2.6-28.fc7.ppc64.rpm
381a54fed92cf24e362591c12d7162bc96d71817 cpio-2.6-28.fc7.i386.rpm
13c531c898880bc6e3819485551320f85fd8c766 cpio-debuginfo-2.6-28.fc7.i386.rpm
c83be5c1d1f000d648cf869eba2c15c521461305 cpio-debuginfo-2.6-28.fc7.x86_64.rpm
893d61604221551311f239895200d7c41cd5e104 cpio-2.6-28.fc7.x86_64.rpm
e6bb3ed461f30731455796b159fb7b694eff4c29 cpio-debuginfo-2.6-28.fc7.ppc.rpm
74d248d2291c172085b1917e88b685f6d7dcfe09 cpio-2.6-28.fc7.ppc.rpm
96e481bdd62838bfcb95376d1c0d1333a4b8cd96 cpio-2.6-28.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cpio' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list