Bug#449222: CVE-2007-4476: Buffer overflow
Hi

Thanks for the fast answer.

> The patch does not apply cleanly (hunk #1 fails even if the filename is
> changed to lib/paxnames.c). Furthermore, a quick glance suggests to me
> that this code isn't actually being used. Am I wrong?

Just to clarify, from what I could see the pax code is compiled into the libcpio. Isn't the library used? The code does not have the new additional stuff from tar, but you might be right, if it is not used.

Sorry for the short reply, once I finish my last exam, I will try to have a deeper look. But please feel free to tell me, if and why the code is not used, saves time :)

Thanks for your efforts.

Cheers
Steffen
Bug#449222: CVE-2007-4476: Buffer overflow
Hi!

In Fedora/RHEL, both cpio 2.6 and 2.9 versions were affected. You may want to check:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-4476
http://koji.fedoraproject.org/koji/packageinfo?packageID=637
http://cvs.fedora.redhat.com/viewcvs/rpms/cpio/F-8/

for patches that were used in Fedora cpio packages. Also note that cpio 2.9 seems to assume --absolute-filenames by default.

HTH

--
Tomas Hoger
Bug#449222: CVE-2007-4476: Buffer overflow
On Mon, Nov 05, 2007 at 10:57:00PM +1100, Steffen Joeris wrote:

> Just to clarify, from what I could see the pax code is compiled into the
> libcpio. Isn't the library used? The code does not have the new additional
> stuff from tar, but you might be right, if it is not used.
>
> Sorry for the short reply, once I finish my last exam, I will try to have a
> deeper look. But please feel free to tell me, if and why the code is not
> used, saves time :)
>
> Thanks for your efforts.

Sorry, I overlooked cpio_safer_name_suffix calling safer_name_suffix.
Bug#449222: CVE-2007-4476: Buffer overflow
Package: cpio
Version: 2.9-4
Severity: important
Tags: security

Hi

The following CVE[0] was issued for tar, but it seems that cpio is also affected.

CVE-2007-4476:

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack.

You can find a patch in the tar bugreport[1]. The code in question can be found in lib/paxnames.c.

When you fix this, please mention the CVE id in your changelog.

Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476
[1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444
Bug#449222: CVE-2007-4476: Buffer overflow
On Sun, Nov 04, 2007 at 06:21:34PM +1100, Steffen Joeris wrote:

> The following CVE[0] was issued for tar, but it seems that cpio is also
> affected.
>
> CVE-2007-4476:
>
> Buffer overflow in the safer_name_suffix function in GNU tar has unspecified
> attack vectors and impact, resulting in a crashing stack.
>
> You can find a patch in the tar bugreport[1]. The code in question can be
> found in lib/paxnames.c.

The patch does not apply cleanly (hunk #1 fails even if the filename is changed to lib/paxnames.c). Furthermore, a quick glance suggests to me that this code isn't actually being used. Am I wrong?