RedHat: Low: cpio security and bug fix update
Summary
Summary
GNU cpio copies files into or out of a cpio or tar archive. A buffer overflow was found in cpio on 64-bit platforms. By tricking a user into adding a specially crafted large file to a cpio archive, a local attacker may be able to exploit this flaw to execute arbitrary code with the target user's privileges. (CVE-2005-4268) This erratum also addresses the following bugs: * cpio did not set exit codes appropriately. * cpio did not create a ram disk properly. All users of cpio are advised to upgrade to this updated package, which contains backported fixes to correct these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
172865 - CVE-2005-4268 cpio large filesize buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
72e927324438473ed3de93d31b1092b8 cpio-2.5-13.RHEL4.src.rpm
i386:
34fcfdfabd7d7272ba82ae717ed681db cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722 cpio-debuginfo-2.5-13.RHEL4.i386.rpm
ia64:
d2c0c27a343258eba84b3b84536a28bd cpio-2.5-13.RHEL4.ia64.rpm
e305d5dd56b40477660e6b47f6c5e3db cpio-debuginfo-2.5-13.RHEL4.ia64.rpm
ppc:
a693c658d90dbc54c4eb72603cd3680c cpio-2.5-13.RHEL4.ppc.rpm
1152f5d0e1b329a3826f07db7cdf4069 cpio-debuginfo-2.5-13.RHEL4.ppc.rpm
s390:
727190b7208a1a38747d686ead2dd43d cpio-2.5-13.RHEL4.s390.rpm
6dd80d512c82c74cf11334c85a89c9c5 cpio-debuginfo-2.5-13.RHEL4.s390.rpm
s390x:
46dda77012cb216ed1e324e3fcb1025b cpio-2.5-13.RHEL4.s390x.rpm
f93d3fa1b42ddd3f5e94392bbbcdf088 cpio-debuginfo-2.5-13.RHEL4.s390x.rpm
x86_64:
5d7496ce80a871ae437c9a0c51e34bdc cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
72e927324438473ed3de93d31b1092b8 cpio-2.5-13.RHEL4.src.rpm
i386:
34fcfdfabd7d7272ba82ae717ed681db cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722 cpio-debuginfo-2.5-13.RHEL4.i386.rpm
x86_64:
5d7496ce80a871ae437c9a0c51e34bdc cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
72e927324438473ed3de93d31b1092b8 cpio-2.5-13.RHEL4.src.rpm
i386:
34fcfdfabd7d7272ba82ae717ed681db cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722 cpio-debuginfo-2.5-13.RHEL4.i386.rpm
ia64:
d2c0c27a343258eba84b3b84536a28bd cpio-2.5-13.RHEL4.ia64.rpm
e305d5dd56b40477660e6b47f6c5e3db cpio-debuginfo-2.5-13.RHEL4.ia64.rpm
x86_64:
5d7496ce80a871ae437c9a0c51e34bdc cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
72e927324438473ed3de93d31b1092b8 cpio-2.5-13.RHEL4.src.rpm
i386:
34fcfdfabd7d7272ba82ae717ed681db cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722 cpio-debuginfo-2.5-13.RHEL4.i386.rpm
ia64:
d2c0c27a343258eba84b3b84536a28bd cpio-2.5-13.RHEL4.ia64.rpm
e305d5dd56b40477660e6b47f6c5e3db cpio-debuginfo-2.5-13.RHEL4.ia64.rpm
x86_64:
5d7496ce80a871ae437c9a0c51e34bdc cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268 http://www.redhat.com/security/updates/classification/#low
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Bugs Fixed