Test ID:	1.3.6.1.4.1.25623.1.0.59715
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2007-2744 (cpio)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cpio announced via advisory FEDORA-2007-2744. GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. ChangeLog: * Fri Nov 2 2007 Radek Brich 2.6-28 - patch for CVE-2007-4476 (stack crashing in safer_name_suffix) References: [ 1 ] Bug #280961 - CVE-2007-4476 tar stack crashing in safer_name_suffix https://bugzilla.redhat.com/show_bug.cgi?id=280961 [ 2 ] Bug #363891 - CVE-2007-4476 cpio stack crashing in safer_name_suffix [F8] https://bugzilla.redhat.com/show_bug.cgi?id=363891 [ 3 ] CVE-2007-4476 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476 Updated packages: 911f30a11bdf2238f1a50b91f83d7d21d9455978 cpio-2.6-28.fc7.ppc64.rpm 2383a135ea76390668742d1bb2a9aa6c70ecb544 cpio-debuginfo-2.6-28.fc7.ppc64.rpm 381a54fed92cf24e362591c12d7162bc96d71817 cpio-2.6-28.fc7.i386.rpm 13c531c898880bc6e3819485551320f85fd8c766 cpio-debuginfo-2.6-28.fc7.i386.rpm c83be5c1d1f000d648cf869eba2c15c521461305 cpio-debuginfo-2.6-28.fc7.x86_64.rpm 893d61604221551311f239895200d7c41cd5e104 cpio-2.6-28.fc7.x86_64.rpm e6bb3ed461f30731455796b159fb7b694eff4c29 cpio-debuginfo-2.6-28.fc7.ppc.rpm 74d248d2291c172085b1917e88b685f6d7dcfe09 cpio-2.6-28.fc7.ppc.rpm 96e481bdd62838bfcb95376d1c0d1333a4b8cd96 cpio-2.6-28.fc7.src.rpm This update can be installed with the yum update program. Use su -c 'yum update cpio' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-2744 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4476 1021680 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1 26445 http://www.securityfocus.com/bid/26445 26674 http://secunia.com/advisories/26674 26987 http://secunia.com/advisories/26987 27331 http://secunia.com/advisories/27331 27453 http://secunia.com/advisories/27453 27514 http://secunia.com/advisories/27514 27681 http://secunia.com/advisories/27681 27857 http://secunia.com/advisories/27857 28255 http://secunia.com/advisories/28255 29968 http://secunia.com/advisories/29968 32051 http://secunia.com/advisories/32051 33567 http://secunia.com/advisories/33567 39008 http://secunia.com/advisories/39008 ADV-2010-0628 http://www.vupen.com/english/advisories/2010/0628 ADV-2010-0629 http://www.vupen.com/english/advisories/2010/0629 DSA-1438 http://www.debian.org/security/2007/dsa-1438 DSA-1566 http://www.debian.org/security/2008/dsa-1566 FEDORA-2007-2673 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html FEDORA-2007-735 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html GLSA-200711-18 http://security.gentoo.org/glsa/glsa-200711-18.xml MDKSA-2007:197 http://www.mandriva.com/security/advisories?name=MDKSA-2007:197 MDKSA-2007:233 http://www.mandriva.com/security/advisories?name=MDKSA-2007:233 RHSA-2010:0141 http://www.redhat.com/support/errata/RHSA-2010-0141.html RHSA-2010:0144 http://www.redhat.com/support/errata/RHSA-2010-0144.html SUSE-SR:2007:018 http://www.novell.com/linux/security/advisories/2007_18_sr.html SUSE-SR:2007:019 http://www.novell.com/linux/security/advisories/2007_19_sr.html USN-650-1 http://www.ubuntu.com/usn/usn-650-1 USN-709-1 http://www.ubuntu.com/usn/usn-709-1 http://bugs.gentoo.org/show_bug.cgi?id=196978 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://bugzilla.redhat.com/show_bug.cgi?id=280961 https://issues.rpath.com/browse/RPL-1861 oval:org.mitre.oval:def:7114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114 oval:org.mitre.oval:def:8599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599 oval:org.mitre.oval:def:9336 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.