This bug was fixed in the package cpio - 2.8-1ubuntu2.2
---------------
cpio (2.8-1ubuntu2.2) gutsy-security; urgency=low
* SECURITY UPDATE: Buffer overflow in the safer_name_suffix function in GNU
cpio has unspecified attack vectors and impact, resulting in a "crashing
stack."
* patch paxnames.c to correct an allocation weakness in safer_name_suffix()
which could lead to a crash. Thanks to Stephan Hermann
* References:
CVE-2007-4476
LP: #161173
-- Jamie Strandboge <[EMAIL PROTECTED]> Mon, 29 Sep 2008 16:58:13
-0500
** Changed in: cpio (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** Changed in: cpio (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
[CVE-2007-4476] cpio is affected by this CVE as tar.
https://bugs.launchpad.net/bugs/161173
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
