Oval Definition:oval:com.redhat.rhsa:def:20050080
Revision Date:2005-02-18Version:502
Title:RHSA-2005:080: cpio security update (Low)
Description:GNU cpio copies files into or out of a cpio or tar archive.

It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user's umask setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-1999-1572 to this issue.

All users of cpio should upgrade to this updated package, which resolves this issue, and adds support for large files (> 2GB).
Family:unixClass:patch
Status:Reference(s):CVE-1999-1572
RHSA-2005:080-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND cpio is earlier than 0:2.5-3e.3
  • AND cpio is signed with Red Hat master key
  • BACK