[Bug 161173] Re: [CVE-2007-4476] cpio is affected by this CVE as tar.

Launchpad Bug Tracker Thu, 02 Oct 2008 11:12:14 -0700

This bug was fixed in the package cpio - 2.6-17ubuntu0.7.04.1

---------------
cpio (2.6-17ubuntu0.7.04.1) feisty-security; urgency=low


  * SECURITY UPDATE: Buffer overflow in the safer_name_suffix function in GNU
    cpio has unspecified attack vectors and impact, resulting in a "crashing
    stack."
  * src/copyin.c: patch copyin.c to correct an allocation weakness in
    safer_name_suffix() which could lead to a crash. Thanks to Stephan Hermann
  * References:
    CVE-2007-4476
    LP: #161173

 -- Jamie Strandboge <[EMAIL PROTECTED]>   Mon, 29 Sep 2008 16:58:13
-0500

-- 
[CVE-2007-4476] cpio is affected by this CVE as tar.
https://bugs.launchpad.net/bugs/161173
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 161173] Re: [CVE-2007-4476] cpio is affected by this CVE as tar.

Reply via email to