[CVE-2007-4476] cpio is affected by this CVE as tar.

Bug #161173 reported by Stephan Rügamer
Affects        Status        Importance  Assigned to      Milestone
Fedora         Fix Released  Low
cpio (Ubuntu)  Fix Released  Undecided   Stephan Rügamer
Dapper         Fix Released  Undecided   Unassigned
Edgy           Invalid       Undecided   Unassigned
Feisty         Fix Released  Undecided   Unassigned
Gutsy          Fix Released  Undecided   Unassigned

Bug Description

Binary package hint: cpio

Dear Colleagues,

cpio has the same security issue as tar, as explained in CVE-2007-4476.

Buffer overflow in the safer_name_suffix function in GNU tar has
unspecified attack vectors and impact, resulting in a "crashing stack."

I'll provide some security updates for dapper, edgy, feisty, gutsy as well as a merge for the latest hardy upload.

Regards,

\sh

Tags: edgy-close
In , Tomas (tomas-redhat-bugs) wrote :

Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4476
to the following vulnerability:

Bug in the safer_name_suffix function in GNU tar may lead to a "crashing
stack". It can be used to crash tar while extracting archive containing file
with long name containing unsafe prefix.

Affected function is also part of cpio source code.

References:

http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html
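
The defect class described in the comment above, as an added example (not part of the bug report, and not code from tar, cpio or paxlib): a simplified prefix stripper that keeps its copy of the removed prefix on the heap. It assumes the "allocation weakness" is a stack buffer sized by the member name's unsafe prefix; `unsafe_prefix_len`, `safer_suffix` and `long_name_ok` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes to strip: everything through the last ".." component, plus the
   slashes that follow (or lead). Simplified model, not paxlib's logic. */
static size_t unsafe_prefix_len(const char *name)
{
    size_t prefix = 0;
    for (const char *p = name; *p; ) {
        const char *end = p + strcspn(p, "/");   /* end of this component */
        if (end - p == 2 && p[0] == '.' && p[1] == '.')
            prefix = (size_t)(end - name);       /* prefix now covers ".." */
        p = end + strspn(end, "/");              /* skip separators */
    }
    return prefix + strspn(name + prefix, "/");
}

/* Returns the safe suffix (a pointer into name, or "." if nothing is left).
   *removed gets a heap copy of the stripped prefix; the caller frees it. */
const char *safer_suffix(const char *name, char **removed)
{
    size_t n = unsafe_prefix_len(name);
    *removed = NULL;
    if (n > 0) {
        /* n is chosen by whoever built the archive, so it must not size
           a stack buffer (alloca/VLA); malloc can fail cleanly instead. */
        if ((*removed = malloc(n + 1)) == NULL)
            return NULL;
        memcpy(*removed, name, n);
        (*removed)[n] = '\0';
    }
    return name[n] ? name + n : ".";
}

/* Constructed input: reps copies of "../" followed by "file". */
int long_name_ok(size_t reps)
{
    char *name = malloc(3 * reps + 5), *removed = NULL;
    if (name == NULL) return 0;
    for (size_t i = 0; i < reps; i++) memcpy(name + 3 * i, "../", 3);
    strcpy(name + 3 * reps, "file");
    const char *s = safer_suffix(name, &removed);
    int ok = s && !strcmp(s, "file") && removed && strlen(removed) == 3 * reps;
    free(removed); free(name);
    return ok;
}

int main(void) { printf("12 MB prefix handled: %d\n", long_name_ok(4000000)); return 0; }
```

The 12 MB prefix in `main` is larger than a typical default stack, which is why the copy of the prefix has to live on the heap and be freed by the caller.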

In , Tomas (tomas-redhat-bugs) wrote :

Upstream patch for paxutils / paxlib (used by recent versions of tar and cpio):

http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4

In , Radek (radek-redhat-bugs) wrote :

Created attachment 236281
patch for cpio-2.6

this patch should work for all affected software as the rest of patch from
comment #1 are just optimizations for memory usage (one malloc less)

In , Radek (radek-redhat-bugs) wrote :

Fedora builds of fixed tar are now complete (with the patch from upstream):
  tar-1.15.1-27.fc6
  tar-1.15.1-28.fc7
  tar-1.17-4.fc8
  tar-1.17-4.fc9

In , Fedora (fedora-redhat-bugs) wrote :

tar-1.15.1-28.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

In , Radek (radek-redhat-bugs) wrote :

Created attachment 245931
new patch for cpio-2.6 (this one frees malloc'd memory)

In , Radek (radek-redhat-bugs) wrote :

fixed Fedora builds of cpio:
  cpio-2.6-22.fc6
  cpio-2.6-28.fc7
  cpio-2.9-5.fc8
  cpio-2.9-5.fc9

In , Fedora (fedora-redhat-bugs) wrote :

cpio-2.6-28.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

In , Fedora (fedora-redhat-bugs) wrote :

tar-1.17-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

In , Fedora (fedora-redhat-bugs) wrote :

cpio-2.9-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

Stephan Rügamer (sruegamer) wrote :

@Daniel:

You were the last uploader, so it's normally your duty to do the next merge ;)

Please don't work on it, I'm doing the merge and fixing this issue.

Thx,

\sh

Stephan Rügamer (sruegamer) wrote :

Sorry Daniel, it wasn't you, p.u.c. bugged me, fabbione was the last one ;)

Stephan Rügamer (sruegamer) wrote :

hardy cpio was merged by mvo

Changed in cpio:
status: New → In Progress
Daniel Hahler (blueyed) wrote :

Setting it back to Triaged.

Changed in cpio:
status: In Progress → Triaged
Stephan Rügamer (sruegamer) wrote :

It just needs to be checked and uploaded

Changed in cpio:
status: Triaged → In Progress
assignee: nobody → shermann
Till Ulen (tillulen) wrote :

Has there been any progress on this bug?

disabled.user (disabled.user-deactivatedaccount) wrote :

Fixed in Debian: DSA-1566-1 (http://www.debian.org/security/2008/dsa-1566)

Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Edgy Eft 6.10 has reached its end of life. As a result, we are closing the Edgy Eft task. However, please note that this report will remain open against the actively developed release. Thank you for your continued support and help as we debug this issue.

Changed in cpio:
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :

This is fixed in Hardy, so closing the main task.

Changed in cpio:
status: In Progress → Fix Released
status: New → In Progress
status: New → In Progress
status: New → In Progress
Changed in cpio:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cpio - 2.8-1ubuntu2.2

---------------
cpio (2.8-1ubuntu2.2) gutsy-security; urgency=low

  * SECURITY UPDATE: Buffer overflow in the safer_name_suffix function in GNU
    cpio has unspecified attack vectors and impact, resulting in a "crashing
    stack."
  * patch paxnames.c to correct an allocation weakness in safer_name_suffix()
    which could lead to a crash. Thanks to Stephan Hermann
  * References:
    CVE-2007-4476
    LP: #161173

 -- Jamie Strandboge <email address hidden> Mon, 29 Sep 2008 16:58:13 -0500

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cpio - 2.6-17ubuntu0.7.04.1

---------------
cpio (2.6-17ubuntu0.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: Buffer overflow in the safer_name_suffix function in GNU
    cpio has unspecified attack vectors and impact, resulting in a "crashing
    stack."
  * src/copyin.c: patch copyin.c to correct an allocation weakness in
    safer_name_suffix() which could lead to a crash. Thanks to Stephan Hermann
  * References:
    CVE-2007-4476
    LP: #161173

 -- Jamie Strandboge <email address hidden> Mon, 29 Sep 2008 16:58:13 -0500

Changed in cpio:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :
Changed in cpio:
status: Fix Committed → Fix Released
In , errata-xmlrpc (errata-xmlrpc-redhat-bugs) wrote :

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0141 https://rhn.redhat.com/errata/RHSA-2010-0141.html

In , errata-xmlrpc (errata-xmlrpc-redhat-bugs) wrote :

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0144 https://rhn.redhat.com/errata/RHSA-2010-0144.html

Changed in fedora:
importance: Unknown → Low
status: Confirmed → Fix Released