[security-announce] cpio 2.11: bug fix

Sona Sarmadi sona.sarmadi at enea.com
Thu Aug 13 10:52:04 CEST 2015


	cpio 2.11: bug fix

=========================================================
Product/package: cpio 2.11
=========================================================
This patch fixes a memory overrun when reading improperly created
link records.

Signed patch and README files
================================
0096-cpio-Fix-memory-overrun.patch
0096-cpio-Fix-memory-overrun.patch.sig
0096-cpio-Fix-memory-overrun.READMAE.asc

References
==========
http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d

  * src/copyin.c (get_link_name): New function.
  (list_file, copyin_link): use get_link_name

  * tests/symlink-bad-length.at: New file.
  * tests/symlink-long.at: New file.
  * tests/Makefile.am: Add new files.
  * tests/testsuite.at: Likewise.


How to apply the patches
=======================
Make sure that you have an installation of Enea Linux and
have applied the existing patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

 - Fetch, verify and apply the new patch
wget https://linux.enea.com/4.0/patches/\
0096-cpio-Fix-memory-overrun.patch
wget https://linux.enea.com/4.0/patches/\
0096-cpio-Fix-memory-overrun.patch.sig
gpg --verify 0096-cpio-Fix-memory-overrun.patch.sig
patch -p1 < ./0096-cpio-Fix-memory-overrun.patch

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
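
The advisory names the fix (a new get_link_name function) and two tests, symlink-bad-length and symlink-long, but does not show the patch body. The C code below is an added example, not cpio's code and not part of the advisory: it shows the kind of length validation a reader of symlink records in cpio "newc" archives needs before copying a link target. The names read_link_name and make_symlink_record are hypothetical, and the 110-byte newc header layout is taken from the cpio format, not from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NEWC_HDR_LEN 110u  /* 6-byte magic + 13 fields of 8 hex digits */

/* Parse one 8-digit hex header field; 0 on success, -1 on a non-hex byte. */
static int hex8(const unsigned char *p, uint32_t *out) {
    uint32_t v = 0;
    for (int i = 0; i < 8; i++) {
        unsigned c = p[i], d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if ((c | 0x20u) >= 'a' && (c | 0x20u) <= 'f') d = (c | 0x20u) - 'a' + 10;
        else return -1;
        v = (v << 4) | d;
    }
    *out = v;
    return 0;
}

/* Copy a symlink record's target into out, NUL-terminated. Returns the target
 * length, or -1 if the record is malformed or the stored length does not fit. */
long read_link_name(const unsigned char *rec, size_t rec_len, char *out, size_t out_cap) {
    uint32_t mode, filesize, namesize;
    if (rec_len < NEWC_HDR_LEN || memcmp(rec, "070701", 6) != 0) return -1;
    if (hex8(rec + 6 + 8 * 1, &mode) || hex8(rec + 6 + 8 * 6, &filesize) ||
        hex8(rec + 6 + 8 * 11, &namesize)) return -1;
    if ((mode & 0170000u) != 0120000u) return -1;          /* not a symlink */
    /* The name follows the header; data starts at the next 4-byte boundary. */
    if (namesize > rec_len - NEWC_HDR_LEN) return -1;
    size_t data_off = (NEWC_HDR_LEN + (size_t)namesize + 3u) & ~(size_t)3u;
    if (data_off > rec_len) return -1;
    /* Stored length must fit the remaining input and the destination buffer. */
    if (filesize > rec_len - data_off || filesize >= out_cap) return -1;
    memcpy(out, rec + data_off, filesize);
    out[filesize] = '\0';
    return (long)filesize;
}

/* Constructed sample: record for symlink name -> target whose header claims
 * `claimed` bytes of link data, which may differ from the real target length. */
size_t make_symlink_record(unsigned char *buf, const char *name, const char *target, uint32_t claimed) {
    size_t nlen = strlen(name) + 1, tlen = strlen(target);
    size_t n = (size_t)sprintf((char *)buf, "070701%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X",
        1u, 0120777u, 0u, 0u, 1u, 0u, (unsigned)claimed, 0u, 0u, 0u, 0u, (unsigned)nlen, 0u);
    size_t off = (n + nlen + 3u) & ~(size_t)3u;
    memset(buf + n, 0, off - n);          /* zero the name area and padding */
    memcpy(buf + n, name, nlen);
    memcpy(buf + off, target, tlen);
    return off + tlen;
}
```

A record whose header claims more link data than the archive holds, or more than the destination can store, is rejected before any copy takes place.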
