-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-30
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 10 Mar 2005
Last revised: 10 Mar 2005
Package: cpio
Summary: Umask bug
More information:
GNU cpio copies files into or out of a cpio or tar archive. The archive
can be placed into another file on disk, on a magnetic tape, or into a pipe.
The cpio uses a file creation mask (umask) of 0 when creating files when
the -O (archive) or -F options are used.
Impact:
The cpio creates files with mode 0666 (a+rw) which allows local users
to read or overwrite created files.
Affected Products:
- Turbolinux 10 Server
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom -u cpio
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/cpio-2.5-4.src.rpm
199582 bc7c050c24a27224d8d34badc92aff10
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/cpio-2.5-4.i586.rpm
69397 3f4c1ada6fd3dd75be8b695b8cf22ab9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/cpio-debug-2.5-4.i586.rpm
140763 4b6b3d98ea7848ea5ab3f263edd1c236
References:
CVE
[
CAN-1999-1572]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-1999-1572
--------------------------------------------------------------------------
Revision History
10 Mar 2005 Initial release
--------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFCL+XIK0LzjOqIJMwRAiYIAJ4rgPTYIR8nhcQ8b97JwEdRdbEfkgCfXDrD
JjToHCoX4RdQNXP0Bxm4H/8=
=pjbF
-----END PGP SIGNATURE-----