RHSA-2007:0245: cpio security and bug fix update (Low)
Description:
GNU cpio copies files into or out of a cpio or tar archive.
A buffer overflow was found in cpio on 64-bit platforms. By tricking a user into adding a specially crafted large file to a cpio archive, a local attacker may be able to exploit this flaw to execute arbitrary code with the target user's privileges. (CVE-2005-4268)
This erratum also addresses the following bugs:
cpio did not set exit codes appropriately.
cpio did not create a ram disk properly.
All users of cpio are advised to upgrade to this updated package, which contains backported fixes to correct these issues.