On Mon, Nov 05, 2007 at 10:57:00PM +1100, Steffen Joeris wrote:
> Just to clarify, from what I could see the pax code is compiled into the
> libcpio. Isn't the library used?
> The code does not have the new additional stuff from tar, but you might be
> right, if it is not used. Sorry for the shor
Hi!
In Fedora/RHEL, both cpio 2.6 and 2.9 versions were affected. You may
want to check:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-4476
http://koji.fedoraproject.org/koji/packageinfo?packageID=637
http://cvs.fedora.redhat.com/viewcvs/rpms/cpio/F-8/
for patches that were used in
Hi
Thanks for the fast answer.
> The patch does not apply cleanly (hunk #1 fails even if the filename is
> changed to lib/paxnames.c ).
>
> Furthermore, a quick glance suggests to me that this code isn't actually
> being used. Am I wrong?
Just to clarify, from what I could see the pax code is com
On Sun, Nov 04, 2007 at 06:21:34PM +1100, Steffen Joeris wrote:
> The following CVE[0] was issued for tar, but it seems that cpio is also
> affected.
>
> CVE-2007-4476:
>
> Buffer overflow in the safer_name_suffix function in GNU tar has
> unspecified attack vectors and impact, resulting in a "cr
Package: cpio
Version: 2.9-4
Severity: important
Tags: security
Hi
The following CVE[0] was issued for tar, but it seems that cpio is also
affected.
CVE-2007-4476:
Buffer overflow in the safer_name_suffix function in GNU tar has
unspecified attack vectors and impact, resulting in a "crashing st
5 matches