[CVE-2007-4476] cpio is affected by this CVE as tar.
Bug #161173 reported by Stephan Rügamer
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Fedora | Fix Released | Low | | |
cpio (Ubuntu) | Fix Released | Undecided | Stephan Rügamer | |
Dapper | Fix Released | Undecided | Unassigned | |
Edgy | Invalid | Undecided | Unassigned | |
Feisty | Fix Released | Undecided | Unassigned | |
Gutsy | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: cpio
Dear Colleagues,
cpio has the same security issue as tar, as explained in CVE-2007-4476.
Buffer overflow in the safer_name_suffix function in GNU tar has
unspecified attack vectors and impact, resulting in a "crashing stack."
I'll provide some security updates for dapper, edgy, feisty, gutsy as well as a merge for the latest hardy upload.
Regards,
\sh
Changed in cpio:
status: New → In Progress
Changed in cpio:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Changed in fedora:
importance: Unknown → Low
status: Confirmed → Fix Released
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4476
to the following vulnerability:
Bug in the safer_name_suffix function in GNU tar may lead to a "crashing
stack". It can be used to crash tar while extracting an archive containing a file
with a long name containing an unsafe prefix.
The affected function is also part of the cpio source code.
References:
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html