
Test ID: 1.3.6.1.4.1.25623.1.0.59844
Category: Fedora Local Security Checks
Title: Fedora Core 8 FEDORA-2007-2827 (cpio)
Summary: NOSUMMARY
Description:

The remote host is missing an update to cpio
announced via advisory FEDORA-2007-2827.

GNU cpio copies files into or out of a cpio or tar archive. Archives
are files which contain a collection of other files plus information
about them, such as their file name, owner, timestamps, and access
permissions. The archive can be another file on the disk, a magnetic
tape, or a pipe. GNU cpio supports the following archive formats: binary,
old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
tar. By default, cpio creates binary format archives, so that they are
compatible with older cpio programs. When it is extracting files from
archives, cpio automatically recognizes which kind of archive it is reading
and can read archives created on machines with a different byte-order.

Install cpio if you need a program to manage file archives.

ChangeLog:

* Thu Nov 1 2007 Radek Brich 2.9-5
- upstream patch for CVE-2007-4476 (stack crashing in safer_name_suffix)
References:

[ 1 ] Bug #280961 - CVE-2007-4476 tar stack crashing in safer_name_suffix
https://bugzilla.redhat.com/show_bug.cgi?id=280961
[ 2 ] Bug #363891 - CVE-2007-4476 cpio stack crashing in safer_name_suffix [F8]
https://bugzilla.redhat.com/show_bug.cgi?id=363891
[ 3 ] CVE-2007-4476
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476
Updated packages:


This update can be installed with the yum update program. Use
su -c 'yum update cpio'
at the command line. For more information, refer to Managing Software
with yum, available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-2827

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4476
1021680
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
26445
http://www.securityfocus.com/bid/26445
26674
http://secunia.com/advisories/26674
26987
http://secunia.com/advisories/26987
27331
http://secunia.com/advisories/27331
27453
http://secunia.com/advisories/27453
27514
http://secunia.com/advisories/27514
27681
http://secunia.com/advisories/27681
27857
http://secunia.com/advisories/27857
28255
http://secunia.com/advisories/28255
29968
http://secunia.com/advisories/29968
32051
http://secunia.com/advisories/32051
33567
http://secunia.com/advisories/33567
39008
http://secunia.com/advisories/39008
ADV-2010-0628
http://www.vupen.com/english/advisories/2010/0628
ADV-2010-0629
http://www.vupen.com/english/advisories/2010/0629
DSA-1438
http://www.debian.org/security/2007/dsa-1438
DSA-1566
http://www.debian.org/security/2008/dsa-1566
FEDORA-2007-2673
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
FEDORA-2007-735
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html
GLSA-200711-18
http://security.gentoo.org/glsa/glsa-200711-18.xml
MDKSA-2007:197
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197
MDKSA-2007:233
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233
RHSA-2010:0141
http://www.redhat.com/support/errata/RHSA-2010-0141.html
RHSA-2010:0144
http://www.redhat.com/support/errata/RHSA-2010-0144.html
SUSE-SR:2007:018
http://www.novell.com/linux/security/advisories/2007_18_sr.html
SUSE-SR:2007:019
http://www.novell.com/linux/security/advisories/2007_19_sr.html
USN-650-1
http://www.ubuntu.com/usn/usn-650-1
USN-709-1
http://www.ubuntu.com/usn/usn-709-1
http://bugs.gentoo.org/show_bug.cgi?id=196978
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://bugzilla.redhat.com/show_bug.cgi?id=280961
https://issues.rpath.com/browse/RPL-1861
oval:org.mitre.oval:def:7114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114
oval:org.mitre.oval:def:8599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599
oval:org.mitre.oval:def:9336
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
