Bug 163096 - cpio - CAN-2005-1111 race and CAN-2005-1229 directory traversal issues
cpio - CAN-2005-1111 race and CAN-2005-1229 directory traversal issues
Status: CLOSED CANTFIX
Product: Fedora Legacy
Classification: Retired
Component: cpio (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-12 16:36 EDT by Michal Jaegermann
Modified: 2007-04-18 13:29 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-11 20:36:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Jaegermann 2005-07-12 16:36:20 EDT
Description of problem:

Bug #155751 and bug #156314 describe problems detailed in CAN-2005-1111
and CAN-2005-1229.  This is different than bug #152891.  A version of cpio
with these fixed is included in FC4 set.

For RHEL 7.3 there is a new source package at
ftp://ftp.harddata.com/pub/Legacy_srpms/cpio-2.4.2-26.1hd.src.rpm
with two patches "ported" from cpio-2.6-7 (FC4).  This changes semantics.
An old '--no-absolute-filenames' is still recognized, although not documented,
but this is a default which can be changed with new '--absolute-filenames'.

These issues affect all other versions of cpio below 2.6-7.
Comment 1 David Eisenstein 2007-04-11 20:36:10 EDT
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions.  If the issue still persists in
current Fedora Core releases, please reopen.  Thank you, and sorry about this.

Note You need to log in before you can comment on or make changes to this bug.