A buffer overflow was found in cpio on 64-bit platforms. By tricking a user into adding a specially crafted large file to a cpio archive, a local attacker may be able to exploit this flaw to execute arbitrary code with [More...]

Date:         Wed, 9 May 2007 15:10:27 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      Security ERRATA for SL4 cpio on i386/x86_64
Comments: To: scientific 
MIME-version: 1.0
Content-type: TEXT/PLAIN; format=flowed; charset=US-ASCII

Synopsis:          Low: cpio security and bug fix update
Issue date:        2007-05-01
CVE Names:         CVE-2005-4268


A buffer overflow was found in cpio on 64-bit platforms. By tricking a
user into adding a specially crafted large file to a cpio archive, a local
attacker may be able to exploit this flaw to execute arbitrary code with
the target user's privileges. (CVE-2005-4268)


SRPMS:
 	cpio-2.5-13.RHEL4.src.rpm

i386:
 	cpio-2.5-13.RHEL4.i386.rpm

x86_64:
 	cpio-2.5-13.RHEL4.x86_64.rpm

-Connie Sieh
-Troy Dawson