[SECURITY] Fedora 8 Update: cpio-2.9-5.fc8

updates at fedoraproject.org updates at fedoraproject.org
Tue Nov 6 16:08:26 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2827
2007-11-06 16:08:22.272206
--------------------------------------------------------------------------------

Name        : cpio
Product     : Fedora 8
Version     : 2.9
Release     : 5.fc8
URL         : http://www.gnu.org/software/cpio/
Summary     : A GNU archiving program
Description :
GNU cpio copies files into or out of a cpio or tar archive.  Archives
are files which contain a collection of other files plus information
about them, such as their file name, owner, timestamps, and access
permissions.  The archive can be another file on the disk, a magnetic
tape, or a pipe.  GNU cpio supports the following archive formats:  binary,
old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
tar.  By default, cpio creates binary format archives, so that they are
compatible with older cpio programs.  When it is extracting files from
archives, cpio automatically recognizes which kind of archive it is reading
and can read archives created on machines with a different byte-order.

Install cpio if you need a program to manage file archives.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  1 2007 Radek Brich <rbrich at redhat.com> 2.9-5
- upstream patch for CVE-2007-4476 (stack crashing in safer_name_suffix)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #280961 - CVE-2007-4476 tar stack crashing in safer_name_suffix
        https://bugzilla.redhat.com/show_bug.cgi?id=280961
  [ 2 ] Bug #363891 - CVE-2007-4476 cpio stack crashing in safer_name_suffix [F8]
        https://bugzilla.redhat.com/show_bug.cgi?id=363891
  [ 3 ] CVE-2007-4476
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476
--------------------------------------------------------------------------------
Updated packages:

5a03fa8c30afdb5afbb89527f2763e256cd78681 cpio-2.9-5.fc8.ppc64.rpm
13ffbbf85b37b1a2173cc4b2d71e9553dfb38fa0 cpio-debuginfo-2.9-5.fc8.ppc64.rpm
4b8b964ba6fbec04c4472a702c7fbe863c53d092 cpio-debuginfo-2.9-5.fc8.i386.rpm
c7b5210fcec13ed27360651b3583d72a98d61896 cpio-2.9-5.fc8.i386.rpm
d34aeb9ce19da6881ccd8a27e17039ae3424ad30 cpio-debuginfo-2.9-5.fc8.x86_64.rpm
bf17483fa3f658e3cb6c0108017847b24ac0c491 cpio-2.9-5.fc8.x86_64.rpm
2559b264f62acbd5c3343eddbe5e95b96cb3ba1b cpio-debuginfo-2.9-5.fc8.ppc.rpm
bd8327a28fbe7509606ad21b9f7346e7c8e006b2 cpio-2.9-5.fc8.ppc.rpm
38bb73880286d31572b35a979f801aeb3171f83a cpio-2.9-5.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cpio' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list