Ubuntu alert USN-189-1 (cpio)

From:
    	     
 
Martin Pitt <martin.pitt@canonical.com>
To:
    	     
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
    	     
 
[USN-189-1] cpio vulnerabilities
Date:
    	     
 
Thu, 29 Sep 2005 12:57:45 +0200
Cc:
    	     
 
full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
===========================================================
Ubuntu Security Notice USN-189-1	 September 29, 2005
cpio vulnerabilities
CAN-2005-1111, CAN-2005-1229
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

cpio

The problem can be corrected by upgrading the affected package to
version 2.5-1.1ubuntu0.2 (for Ubuntu 4.10), or 2.5-1.1ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked with cpio, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the cpio user. (CAN-2005-1111)

Imran Ghory discovered a path traversal vulnerability. Even when the
--no-absolute-filenames option was specified, cpio did not filter out
".." path components. By tricking an user into unpacking a malicious
cpio archive, this could be exploited to install files in arbitrary
paths with the privileges of the user calling cpio. (CAN-2005-1229)


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    27421 3800b28741820b67d89b8be0ca1b4c3a
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:      551 536a242096b46cbac9caf1e034e89f88
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    68648 777b4ff7fa18697307311f3f306a61dd

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    64158 6c8ee133865b826e666fe035eba229c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    67678 a52efbe49389c50a4c6abed05dd79e95

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    27418 0fb7a011377dd62652cacc4366d44baf
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:      551 d78ae16b8c3bcf9bdc9348dd7dd3d02f
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    68686 00a2b4f57d4766e778f5de385c544549

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    63972 b46cbb91273fc79d7ac1c82c3f0a27c5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2...
      Size/MD5:    67680 7f47d3eae5b01639f80c051ba77fbaa6

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...