Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Red Hat: RHSA-2005:806-01 Low: Cpio Permissions Problem

red hat
Calendar Grey November 10, 2005
Dist Redhat Esm H88
Minor security patch released for the tar tool by Canonical, tackling severe vulnerabilities involving access rights.
An updated cpio package that fixes multiple issues is now available

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169760 - CVE-2005-1111 Race condition in cpio 172191 - CVE-1999-1572 cpio insecure file creation


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: fb1356ef5473ad0fc59ef0e3b1763e25 cpio-2.4.2-25.src.rpm

i386: 661957107d50447b2bd13a83713b7d92 cpio-2.4.2-25.i386.rpm

ia64: c49084cb373e105cdba632f58c7f2d3f cpio-2.4.2-25.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: fb1356ef5473ad0fc59ef0e3b1763e25 cpio-2.4.2-25.src.rpm

ia64: c49084cb373e105cdba632f58c7f2d3f cpio-2.4.2-25.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: fb1356ef5473ad0fc59ef0e3b1763e25 cpio-2.4.2-25.src.rpm

i386: 661957107d50447b2bd13a83713b7d92 cpio-2.4.2-25.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: fb1356ef5473ad0fc59ef0e3b1763e25 cpio-2.4.2-25.src.rpm

i386: 661957107d50447b2bd13a83713b7d92 cpio-2.4.2-25.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-1999-1572 https://www.cve.org/CVERecord?id=CVE-2005-1111

Package List


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2005:806-01
Issue date: 2005-11-10
Updated on: 2005-11-10
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here