Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in cpio
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in cpio
ID: MDVSA-2010:065
Distribution: Mandriva
Plattformen: Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0
Datum: Di, 23. März 2010, 16:44
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624
Applikationen: GNU cpio

Originalnachricht

This is a multi-part message in MIME format...

------------=_1269353825-24326-6203


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:065
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cpio
Date : March 23, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in cpio and tar:

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c
in the rmt client functionality in GNU tar before 1.23 and GNU cpio
before 2.11 allows remote rmt servers to cause a denial of service
(memory corruption) or possibly execute arbitrary code by sending more
data than was requested, related to archive filenames that contain a :
(colon) character (CVE-2010-0624).

The Tar package as shipped with Mandriva Linux is not affected
by this vulnerability, but it was patched nonetheless in order to
provide additional security to customers who recompile the package
while having the rsh package installed.

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
56cdfb4e12affc6594049570fb8d35ce 2008.0/i586/cpio-2.9-2.2mdv2008.0.i586.rpm
705c2df54a9920908909423da574b32d 2008.0/i586/tar-1.18-1.2mdv2008.0.i586.rpm
596789a93702aecd07562281c9d48f78 2008.0/SRPMS/cpio-2.9-2.2mdv2008.0.src.rpm
b1a645b471280fa0e51c38aedfa504aa 2008.0/SRPMS/tar-1.18-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d7eaf79ca34d67b5f152372813254cb1
2008.0/x86_64/cpio-2.9-2.2mdv2008.0.x86_64.rpm
2c97f01252660e80b9d00b7ebd7815e5
2008.0/x86_64/tar-1.18-1.2mdv2008.0.x86_64.rpm
596789a93702aecd07562281c9d48f78 2008.0/SRPMS/cpio-2.9-2.2mdv2008.0.src.rpm
b1a645b471280fa0e51c38aedfa504aa 2008.0/SRPMS/tar-1.18-1.2mdv2008.0.src.rpm

Mandriva Linux 2009.0:
a3058108cddda8dde95b20b9be7d2aae 2009.0/i586/cpio-2.9-5.1mdv2009.0.i586.rpm
8af041a2f14d3ea6761eb1ec77fa4964 2009.0/i586/tar-1.20-7.1mdv2009.0.i586.rpm
93f6cecaa13c9b3495721592305e1339 2009.0/SRPMS/cpio-2.9-5.1mdv2009.0.src.rpm
a755272047ac5cb179a5c294057154cd 2009.0/SRPMS/tar-1.20-7.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
ab93a4d266e37076e233aa2367a8c478
2009.0/x86_64/cpio-2.9-5.1mdv2009.0.x86_64.rpm
67ed3f23bcc8a8b633cbd8c8d7b9516b
2009.0/x86_64/tar-1.20-7.1mdv2009.0.x86_64.rpm
93f6cecaa13c9b3495721592305e1339 2009.0/SRPMS/cpio-2.9-5.1mdv2009.0.src.rpm
a755272047ac5cb179a5c294057154cd 2009.0/SRPMS/tar-1.20-7.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
2d0eeca73eb44a8c7e41c50fd4c20add 2009.1/i586/cpio-2.9-6.1mdv2009.1.i586.rpm
3cff4bb92b1ca2e074e1382f555bf7bc 2009.1/i586/tar-1.21-2.1mdv2009.1.i586.rpm
b5be5792c0e7e755554eae6c373a40dd 2009.1/SRPMS/cpio-2.9-6.1mdv2009.1.src.rpm
a5ed5628ea098b1687cd432aff6adb38 2009.1/SRPMS/tar-1.21-2.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
d15356d257890237b4176c3206f03b4d
2009.1/x86_64/cpio-2.9-6.1mdv2009.1.x86_64.rpm
edd4211deb588b7b649606e8585bd15a
2009.1/x86_64/tar-1.21-2.1mdv2009.1.x86_64.rpm
b5be5792c0e7e755554eae6c373a40dd 2009.1/SRPMS/cpio-2.9-6.1mdv2009.1.src.rpm
a5ed5628ea098b1687cd432aff6adb38 2009.1/SRPMS/tar-1.21-2.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
bbe43728f9f8db2ceabba5dcb375e4a7 2010.0/i586/cpio-2.10-1.1mdv2010.0.i586.rpm
d5f150a07bf5fb6e6918b49f80742031 2010.0/i586/tar-1.22-2.1mdv2010.0.i586.rpm
f3379cc3d9787bda215d08dd56d33e3c 2010.0/SRPMS/cpio-2.10-1.1mdv2010.0.src.rpm
d6f6ed62e6c1cc2bf1761408427ff0a1 2010.0/SRPMS/tar-1.22-2.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
9bbaba5025e46793b44503684fe963a3
2010.0/x86_64/cpio-2.10-1.1mdv2010.0.x86_64.rpm
965f38e0f6d386e02d6a174f84871dd9
2010.0/x86_64/tar-1.22-2.1mdv2010.0.x86_64.rpm
f3379cc3d9787bda215d08dd56d33e3c 2010.0/SRPMS/cpio-2.10-1.1mdv2010.0.src.rpm
d6f6ed62e6c1cc2bf1761408427ff0a1 2010.0/SRPMS/tar-1.22-2.1mdv2010.0.src.rpm

Corporate 4.0:
f614d9c66ae80c195bff9126e1755284
corporate/4.0/i586/cpio-2.6-5.2.20060mlcs4.i586.rpm
2ab8ec94b6e698122a2965bc942f4507
corporate/4.0/i586/tar-1.15.1-5.5.20060mlcs4.i586.rpm
3ea902eef3045f53fc5731cd7d2ae9bd
corporate/4.0/SRPMS/cpio-2.6-5.2.20060mlcs4.src.rpm
c4eb72165f7f6e82b8fa1e61f03ae8d8
corporate/4.0/SRPMS/tar-1.15.1-5.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
459a97a9a72f94a331f71a3ab7364d73
corporate/4.0/x86_64/cpio-2.6-5.2.20060mlcs4.x86_64.rpm
f6f389f792d26da8599ca3f52337bfda
corporate/4.0/x86_64/tar-1.15.1-5.5.20060mlcs4.x86_64.rpm
3ea902eef3045f53fc5731cd7d2ae9bd
corporate/4.0/SRPMS/cpio-2.6-5.2.20060mlcs4.src.rpm
c4eb72165f7f6e82b8fa1e61f03ae8d8
corporate/4.0/SRPMS/tar-1.15.1-5.5.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
610988c42706cc2285fa96a76d3f8591 mes5/i586/cpio-2.9-5.1mdvmes5.i586.rpm
54419d1d259783ed09eb650b50bcf92e mes5/i586/tar-1.20-7.1mdvmes5.i586.rpm
68ee2df00ed5e14e2b63848cd859314b mes5/SRPMS/cpio-2.9-5.1mdvmes5.src.rpm
323b0d0f9724a8bb47a19f9515796aa1 mes5/SRPMS/tar-1.20-7.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
b15be67043a8fbafac508dee747145cc mes5/x86_64/cpio-2.9-5.1mdvmes5.x86_64.rpm
73e670bfd66de82d128329a65d616fd4 mes5/x86_64/tar-1.20-7.1mdvmes5.x86_64.rpm
68ee2df00ed5e14e2b63848cd859314b mes5/SRPMS/cpio-2.9-5.1mdvmes5.src.rpm
323b0d0f9724a8bb47a19f9515796aa1 mes5/SRPMS/tar-1.20-7.1mdvmes5.src.rpm

Multi Network Firewall 2.0:
cc7e0ee1931123b8d25535ef09a0bddb
mnf/2.0/i586/tar-1.13.25-11.2.C30mdk.i586.rpm
899c3024740570ebd77ee27ce2caddcc
mnf/2.0/SRPMS/tar-1.13.25-11.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLqJpomqjQ0CJFipgRAsHHAJ92YyeHoAhhZ5XYWMdaLkqyHUKgHACgzBwE
Yb3u2qifffzdMrYlo8FlDKY=
=8efe
-----END PGP SIGNATURE-----


------------=_1269353825-24326-6203
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1269353825-24326-6203--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung