drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in cpio
Name: |
Zwei Probleme in cpio |
|
ID: |
TLSA-2005-80 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Sa, 3. September 2005, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229 |
|
Applikationen: |
GNU cpio |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2005-80 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 27 Jul 2005 Last revised: 03 Aug 2005
Package: cpio
Summary: Two vulnerabilities discovered in cpio
More information: GNU cpio copies files into or out of a cpio or tar archive. The archive can be another file on the disk, a magnetic tape, or a pipe.
- A vulnerability in the manner in which cpio handles archive files could allow local users to overwrite arbitrary files via a symlink attack. - Directory Traversal vulnerability exists in the cpio.
Impact: This vulerability could allow attackers to overwrite arbitrary files.
Affected Products: - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation
Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal] # turbopkg or # zabom -u cpio
[other] # turbopkg or # zabom update cpio ---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
cpio-2.4.2-22.src.rpm 227590 06171d509595d3903e23db8e913d386d
Binary Packages Size: MD5
cpio-2.4.2-22.i586.rpm 67775 1fa6aaac573707f1e8bacf7810392225
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
cpio-2.4.2-22.src.rpm 227590 b605ed536af70c0a06f946c983cccb24
Binary Packages Size: MD5
cpio-2.4.2-22.i586.rpm 67948 d0d29a79040a97db18cf14ca4227acfb
<Turbolinux 10 Server>
Source Packages Size: MD5
cpio-2.5-5.src.rpm 203307 c895e8fd8a39307cb88499d9330c9e6d
Binary Packages Size: MD5
cpio-2.5-5.i586.rpm 69746 4f466c8f01b3f5d1625b5dcac3cb1118 cpio-debug-2.5-5.i586.rpm 141434 74cada1b607ff7366d5d51a4feee63ec
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages Size: MD5
cpio-2.4.2-22.src.rpm 227590 8598e30ef44eb746ccb88801e64c522d
Binary Packages Size: MD5
cpio-2.4.2-22.i586.rpm 68589 b821f6e24f5e95486c8748697c6c5179
<Turbolinux 8 Server>
Source Packages Size: MD5
cpio-2.4.2-22.src.rpm 227590 70279362723e9a9e935375e51eed5869
Binary Packages Size: MD5
cpio-2.4.2-22.i586.rpm 67909 8245b731e54ed18f913b973890c666bf
<Turbolinux 8 Workstation>
Source Packages Size: MD5
cpio-2.4.2-22.src.rpm 227590 578a866e1bfd086e27f5277074286348
Binary Packages Size: MD5
cpio-2.4.2-22.i586.rpm 67918 fdd169026e1f148b1bcb30c6e4c00f54
<Turbolinux 7 Server>
Source Packages Size: MD5
cpio-2.4.2-22.src.rpm 227590 d46398cb76be81567b4f56b659f18649
Binary Packages Size: MD5
cpio-2.4.2-22.i586.rpm 66790 13955097ac0bb09a80f8d4ee0c0b0e41
<Turbolinux 7 Workstation>
Source Packages Size: MD5
cpio-2.4.2-22.src.rpm 227590 c7a40f6ee46cffbb2e13c90ec639161d
Binary Packages Size: MD5
cpio-2.4.2-22.i586.rpm 66849 cccc2727b50e56dad2d4ea497a353a2b
References:
CVE [CAN-2005-1111] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111 [CAN-2005-1229] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1229
-------------------------------------------------------------------------- Revision History 27 Jul 2005 Initial release 03 Aug 2005 Added Turbolinux Multimedia, Turbolinux Personal to "Affected Products" --------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC8G6YK0LzjOqIJMwRArOJAKCMOTd5q4g6GvR3dU3feKvHwl/fxQCgoE+8 WcM10FCe2IpGmgvI6cB2h0U= =H2f7 -----END PGP SIGNATURE-----
|
|
|
|