Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in cpio. For additional information, see : VUPEN/ADV-2007-3511

Affected Products

Fedora 8

Solution

Upgrade the affected packages :

5a03fa8c30afdb5afbb89527f2763e256cd78681 cpio-2.9-5.fc8.ppc64.rpm
13ffbbf85b37b1a2173cc4b2d71e9553dfb38fa0 cpio-debuginfo-2.9-5.fc8.ppc64.rpm
4b8b964ba6fbec04c4472a702c7fbe863c53d092 cpio-debuginfo-2.9-5.fc8.i386.rpm
c7b5210fcec13ed27360651b3583d72a98d61896 cpio-2.9-5.fc8.i386.rpm
d34aeb9ce19da6881ccd8a27e17039ae3424ad30 cpio-debuginfo-2.9-5.fc8.x86_64.rpm
bf17483fa3f658e3cb6c0108017847b24ac0c491 cpio-2.9-5.fc8.x86_64.rpm
2559b264f62acbd5c3343eddbe5e95b96cb3ba1b cpio-debuginfo-2.9-5.fc8.ppc.rpm
bd8327a28fbe7509606ad21b9f7346e7c8e006b2 cpio-2.9-5.fc8.ppc.rpm
38bb73880286d31572b35a979f801aeb3171f83a cpio-2.9-5.fc8.src.rpm

References

http://www.vupen.com/english/advisories/2007/3760
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00118.html

ChangeLog

2007-11-07 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.