1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA32051

Ubuntu update for cpio

Report ID: SA32051
Source: Secunia
Date of Discovery: 03.10.2008
Criticality: Negligible
Affects:
Ubuntu Linux 6.06
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Compromise From: From remote
Compromise Type: DoS

Summary

Ubuntu has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Detailed Description

Ubuntu has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing specially crafted tar archives and can be exploited to cause a stack-based buffer overflow and crash the vulnerable application.

Solution

Apply updated packages.

-- Ubuntu 6.06 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3.diff.gz
Size/MD5: 410699 897e47a353787824a28bda1097991559
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3.dsc
Size/MD5: 550 d2aa24f48103c70f12be33f7294baf8d
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6.orig.tar.gz
Size/MD5: 556018 76b4145f33df088a5bade3bf4373d17d

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_amd64.deb
Size/MD5: 103172 28261384f4dbb4201ae3ecad7361f280

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_i386.deb
Size/MD5: 94196 b78101aaac890a244a835b45c400a91d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_powerpc.deb
Size/MD5: 103196 b40a0b8c7c866bd4d2cf7519b12d716a

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-10ubuntu0.3_sparc.deb
Size/MD5: 96740 2462b4543ccd3b03b6846246cc97ff2a

-- Ubuntu 7.04 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1.diff.gz
Size/MD5: 460609 a3bcce318e104b941b22cbc0f71c5174
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1.dsc
Size/MD5: 569 525b21bd40294fbe826b49fe028708c9
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6.orig.tar.gz
Size/MD5: 556018 76b4145f33df088a5bade3bf4373d17d

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_amd64.deb
Size/MD5: 103010 8e9ec28331d06646b742cfc17ae9114e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_i386.deb
Size/MD5: 97468 73731d39ac27aef0aa877988aaa1b931

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_powerpc.deb
Size/MD5: 106366 f7fd3f9680e69708c522628e55b187ab

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.6-17ubuntu0.7.04.1_sparc.deb
Size/MD5: 98544 162d787d7f348112fb0fb37c75dc428d

-- Ubuntu 7.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2.diff.gz
Size/MD5: 9309 2e49f657e658d3625da48fb7a871b1a1
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2.dsc
Size/MD5: 756 565858b26f82dc113973769944ad1690
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8.orig.tar.gz
Size/MD5: 968134 0caa356e69e149fb49b76bacc64615a1

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_amd64.deb
Size/MD5: 116028 1a22d0616279aa82e6f4e257bd3df974

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_i386.deb
Size/MD5: 107668 e4ef21359c746b204c3727deee719e38

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_lpia.deb
Size/MD5: 107782 5b9aa00bbea6ddf6518feb6818b733aa

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_powerpc.deb
Size/MD5: 119036 98b1fe38188f5455e1bf954ab7885fc2

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.8-1ubuntu2.2_sparc.deb
Size/MD5: 109594 0054e1d76985bc0291ced0ecc1537fc0

CVE Reference

CVE-2007-4476