Security Advisory cpio security update

Advisory: RHSA-2005:378-17
Type: Security Advisory
Severity: Low
Issued on: 2005-07-21
Last updated on: 2005-07-21
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-1111

Details

An updated cpio package that fixes multiple issues is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

GNU cpio copies files into or out of a cpio or tar archive.

A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1111 to this issue.
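
The advisory does not describe the mechanism. The following is an added example, not code from cpio or from Red Hat, and it assumes the common form of this bug class: an extractor writes a member and then sets its final mode by path name. It contrasts that with setting the mode on the open descriptor; the function names, the /tmp scratch directory and the file names are constructed for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy finish: the mode is applied to whatever file the NAME refers to now. */
static int finish_by_path(const char *path, mode_t mode) { return chmod(path, mode); }

/* Hardened finish: the mode is applied to the descriptor the extractor opened,
 * so replacing the directory entry cannot redirect it. */
static int finish_by_fd(int fd, mode_t mode) { return fchmod(fd, mode); }

/* Constructed scenario: write an archive member, let its name be replaced by a
 * different file before permissions are set, then finish with the chosen
 * strategy. Returns the mode of the file that took over the name, or -1. */
int replaced_file_mode(int use_fd)
{
    char dir[] = "/tmp/cpio-demo-XXXXXX", member[64], other[64];
    struct stat st;
    int result = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(member, sizeof member, "%s/member", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    /* A second file in the same writable directory, private (0600). */
    int ofd = open(other, O_WRONLY | O_CREAT | O_EXCL, 0600);
    /* The member being extracted: created exclusively, restrictive until done. */
    int fd = open(member, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (ofd >= 0 && fd >= 0 && fchmod(ofd, 0600) == 0 &&
        write(fd, "data", 4) == 4 &&
        rename(other, member) == 0 &&            /* the name changes hands */
        (use_fd ? finish_by_fd(fd, 0644) : finish_by_path(member, 0644)) == 0 &&
        stat(member, &st) == 0)
        result = (int)(st.st_mode & 07777);

    if (ofd >= 0) close(ofd);
    if (fd >= 0) close(fd);
    unlink(member); unlink(other); rmdir(dir);
    return result;
}

int main(void) {
    printf("by path: %o, by fd: %o\n", (unsigned)replaced_file_mode(0), (unsigned)replaced_file_mode(1));
    return 0;
}
```

With the path-based finish the unrelated file ends up with the member's mode; with the descriptor-based finish it keeps its own.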

Additionally, this update adds cpio support for archives larger than 2GB.
However, the size of individual files within an archive is limited to 4GB.

All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
cpio-2.5-4.RHEL3.src.rpm
File outdated by:  RHSA-2010:0145
    MD5: e5f2a621ca4099de80ad451722fbf17f
 
IA-32:
cpio-2.5-4.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0145
    MD5: 6d24e863541e94a83322c2c2f9a7cf01
 
x86_64:
cpio-2.5-4.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0145
    MD5: e8c3dc0c74a04b6d42bcb9af63a0e3f3
 
Red Hat Desktop (v. 4)

SRPMS:
cpio-2.5-8.RHEL4.src.rpm
File outdated by:  RHSA-2010:0143
    MD5: 17b4f342a3b3aaa3d47b06b420b6950f
 
IA-32:
cpio-2.5-8.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0143
    MD5: e275d9014ba5e817b821597548f73d20
 
x86_64:
cpio-2.5-8.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0143
    MD5: ce03220243730632bbfdad24ee340b8d
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
cpio-2.5-4.RHEL3.src.rpm
File outdated by:  RHSA-2010:0145
    MD5: e5f2a621ca4099de80ad451722fbf17f
 
IA-32:
cpio-2.5-4.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0145
    MD5: 6d24e863541e94a83322c2c2f9a7cf01
 
IA-64:
cpio-2.5-4.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0145
    MD5: e7d62ac8c85bdf8e6292ff6d6b167069
 
PPC:
cpio-2.5-4.RHEL3.ppc.rpm
File outdated by:  RHSA-2010:0145
    MD5: 387a870467065f058f2dc75e0b4088d6
 
s390:
cpio-2.5-4.RHEL3.s390.rpm
File outdated by:  RHSA-2010:0145
    MD5: fe8d12ebe4e78abe460a7c062eac777f
 
s390x:
cpio-2.5-4.RHEL3.s390x.rpm
File outdated by:  RHSA-2010:0145
    MD5: 7f78260811bb7a827b436d1f19a5b780
 
x86_64:
cpio-2.5-4.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0145
    MD5: e8c3dc0c74a04b6d42bcb9af63a0e3f3
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
cpio-2.5-8.RHEL4.src.rpm
File outdated by:  RHSA-2010:0143
    MD5: 17b4f342a3b3aaa3d47b06b420b6950f
 
IA-32:
cpio-2.5-8.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0143
    MD5: e275d9014ba5e817b821597548f73d20
 
IA-64:
cpio-2.5-8.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0143
    MD5: f433780eb69c44dbe0cdd9ebca0c2ab6
 
PPC:
cpio-2.5-8.RHEL4.ppc.rpm
File outdated by:  RHSA-2010:0143
    MD5: 8b2602b1cd384a24e881b0c1c5100fe3
 
s390:
cpio-2.5-8.RHEL4.s390.rpm
File outdated by:  RHSA-2010:0143
    MD5: 135b9dca6dac52f3889b0b06bcebd118
 
s390x:
cpio-2.5-8.RHEL4.s390x.rpm
File outdated by:  RHSA-2010:0143
    MD5: 64df4fdcf4219ebfc5b7d1559150765e
 
x86_64:
cpio-2.5-8.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0143
    MD5: ce03220243730632bbfdad24ee340b8d
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
cpio-2.5-4.RHEL3.src.rpm
File outdated by:  RHSA-2010:0145
    MD5: e5f2a621ca4099de80ad451722fbf17f
 
IA-32:
cpio-2.5-4.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0145
    MD5: 6d24e863541e94a83322c2c2f9a7cf01
 
IA-64:
cpio-2.5-4.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0145
    MD5: e7d62ac8c85bdf8e6292ff6d6b167069
 
x86_64:
cpio-2.5-4.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0145
    MD5: e8c3dc0c74a04b6d42bcb9af63a0e3f3
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
cpio-2.5-8.RHEL4.src.rpm
File outdated by:  RHSA-2010:0143
    MD5: 17b4f342a3b3aaa3d47b06b420b6950f
 
IA-32:
cpio-2.5-8.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0143
    MD5: e275d9014ba5e817b821597548f73d20
 
IA-64:
cpio-2.5-8.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0143
    MD5: f433780eb69c44dbe0cdd9ebca0c2ab6
 
x86_64:
cpio-2.5-8.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0143
    MD5: ce03220243730632bbfdad24ee340b8d
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
cpio-2.5-4.RHEL3.src.rpm
File outdated by:  RHSA-2010:0145
    MD5: e5f2a621ca4099de80ad451722fbf17f
 
IA-32:
cpio-2.5-4.RHEL3.i386.rpm
File outdated by:  RHSA-2010:0145
    MD5: 6d24e863541e94a83322c2c2f9a7cf01
 
IA-64:
cpio-2.5-4.RHEL3.ia64.rpm
File outdated by:  RHSA-2010:0145
    MD5: e7d62ac8c85bdf8e6292ff6d6b167069
 
x86_64:
cpio-2.5-4.RHEL3.x86_64.rpm
File outdated by:  RHSA-2010:0145
    MD5: e8c3dc0c74a04b6d42bcb9af63a0e3f3
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
cpio-2.5-8.RHEL4.src.rpm
File outdated by:  RHSA-2010:0143
    MD5: 17b4f342a3b3aaa3d47b06b420b6950f
 
IA-32:
cpio-2.5-8.RHEL4.i386.rpm
File outdated by:  RHSA-2010:0143
    MD5: e275d9014ba5e817b821597548f73d20
 
IA-64:
cpio-2.5-8.RHEL4.ia64.rpm
File outdated by:  RHSA-2010:0143
    MD5: f433780eb69c44dbe0cdd9ebca0c2ab6
 
x86_64:
cpio-2.5-8.RHEL4.x86_64.rpm
File outdated by:  RHSA-2010:0143
    MD5: ce03220243730632bbfdad24ee340b8d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

105617 - cpio does not support large files > 2GB
144688 - cpio fails to unpack initrd on ppc
154507 - 511278 - needs fix for RHEL 4 on cpio bugzilla 105617
155749 - CAN-2005-1111 Race condition in cpio


Keywords

cpio, umask


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/