F-Secure
Tools
Ubuntu update for cpio
| Report ID: | SA32051 |
| Source: | Secunia |
| Date of Discovery: | 03.10.2008 |
| Criticality: | Negligible |
| Affects: | Ubuntu Linux 6.06 Ubuntu Linux 7.04 Ubuntu Linux 7.10 |
| Compromise From: | From remote |
| Compromise Type: | DoS |
Summary
Ubuntu has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Detailed Description
Ubuntu has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing specially crafted tar archives and can be exploited to cause a stack-based buffer overflow and crash the vulnerable application.
The vulnerability is caused due to an error when processing specially crafted tar archives and can be exploited to cause a stack-based buffer overflow and crash the vulnerable application.
Solution
Apply updated packages.
-- Ubuntu 6.06 LTS --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3.diff.gz
Size/MD5: 410699 897e47a353787824a28bda1097991559
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3.dsc
Size/MD5: 550 d2aa24f48103c70f12be33f7294baf8d
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6.orig.tar.gz
Size/MD5: 556018 76b4145f33df088a5bade3bf4373d17d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_amd64.deb
Size/MD5: 103172 28261384f4dbb4201ae3ecad7361f280
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_i386.deb
Size/MD5: 94196 b78101aaac890a244a835b45c400a91d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_powerpc.deb
Size/MD5: 103196 b40a0b8c7c866bd4d2cf7519b12d716a
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_sparc.deb
Size/MD5: 96740 2462b4543ccd3b03b6846246cc97ff2a
-- Ubuntu 7.04 --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1.diff.gz
Size/MD5: 460609 a3bcce318e104b941b22cbc0f71c5174
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1.dsc
Size/MD5: 569 525b21bd40294fbe826b49fe028708c9
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6.orig.tar.gz
Size/MD5: 556018 76b4145f33df088a5bade3bf4373d17d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_amd64.deb
Size/MD5: 103010 8e9ec28331d06646b742cfc17ae9114e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_i386.deb
Size/MD5: 97468 73731d39ac27aef0aa877988aaa1b931
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_powerpc.deb
Size/MD5: 106366 f7fd3f9680e69708c522628e55b187ab
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_sparc.deb
Size/MD5: 98544 162d787d7f348112fb0fb37c75dc428d
-- Ubuntu 7.10 --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2.diff.gz
Size/MD5: 9309 2e49f657e658d3625da48fb7a871b1a1
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2.dsc
Size/MD5: 756 565858b26f82dc113973769944ad1690
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8.orig.tar.gz
Size/MD5: 968134 0caa356e69e149fb49b76bacc64615a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_amd64.deb
Size/MD5: 116028 1a22d0616279aa82e6f4e257bd3df974
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_i386.deb
Size/MD5: 107668 e4ef21359c746b204c3727deee719e38
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_lpia.deb
Size/MD5: 107782 5b9aa00bbea6ddf6518feb6818b733aa
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_powerpc.deb
Size/MD5: 119036 98b1fe38188f5455e1bf954ab7885fc2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_sparc.deb
Size/MD5: 109594 0054e1d76985bc0291ced0ecc1537fc0
-- Ubuntu 6.06 LTS --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3.diff.gz
Size/MD5: 410699 897e47a353787824a28bda1097991559
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3.dsc
Size/MD5: 550 d2aa24f48103c70f12be33f7294baf8d
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6.orig.tar.gz
Size/MD5: 556018 76b4145f33df088a5bade3bf4373d17d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_amd64.deb
Size/MD5: 103172 28261384f4dbb4201ae3ecad7361f280
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_i386.deb
Size/MD5: 94196 b78101aaac890a244a835b45c400a91d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_powerpc.deb
Size/MD5: 103196 b40a0b8c7c866bd4d2cf7519b12d716a
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_sparc.deb
Size/MD5: 96740 2462b4543ccd3b03b6846246cc97ff2a
-- Ubuntu 7.04 --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1.diff.gz
Size/MD5: 460609 a3bcce318e104b941b22cbc0f71c5174
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1.dsc
Size/MD5: 569 525b21bd40294fbe826b49fe028708c9
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6.orig.tar.gz
Size/MD5: 556018 76b4145f33df088a5bade3bf4373d17d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_amd64.deb
Size/MD5: 103010 8e9ec28331d06646b742cfc17ae9114e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_i386.deb
Size/MD5: 97468 73731d39ac27aef0aa877988aaa1b931
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_powerpc.deb
Size/MD5: 106366 f7fd3f9680e69708c522628e55b187ab
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_sparc.deb
Size/MD5: 98544 162d787d7f348112fb0fb37c75dc428d
-- Ubuntu 7.10 --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2.diff.gz
Size/MD5: 9309 2e49f657e658d3625da48fb7a871b1a1
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2.dsc
Size/MD5: 756 565858b26f82dc113973769944ad1690
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8.orig.tar.gz
Size/MD5: 968134 0caa356e69e149fb49b76bacc64615a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_amd64.deb
Size/MD5: 116028 1a22d0616279aa82e6f4e257bd3df974
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_i386.deb
Size/MD5: 107668 e4ef21359c746b204c3727deee719e38
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_lpia.deb
Size/MD5: 107782 5b9aa00bbea6ddf6518feb6818b733aa
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_powerpc.deb
Size/MD5: 119036 98b1fe38188f5455e1bf954ab7885fc2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_sparc.deb
Size/MD5: 109594 0054e1d76985bc0291ced0ecc1537fc0
CVE Reference
CVE-2007-4476