This bug was fixed in the package cpio - 2.6-17ubuntu0.7.04.1
---------------
cpio (2.6-17ubuntu0.7.04.1) feisty-security; urgency=low
* SECURITY UPDATE: Buffer overflow in the safer_name_suffix function in GNU
cpio has unspecified attack vectors and impact, resulting in a "crashing
stack."
* src/copyin.c: patch copyin.c to correct an allocation weakness in
safer_name_suffix() which could lead to a crash. Thanks to Stephan Hermann
* References:
CVE-2007-4476
LP: #161173
-- Jamie Strandboge <[EMAIL PROTECTED]> Mon, 29 Sep 2008 16:58:13
-0500
--
[CVE-2007-4476] cpio is affected by this CVE as tar.
https://bugs.launchpad.net/bugs/161173
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
