----------------------------------------------------------------------

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

----------------------------------------------------------------------

TITLE:
Mandriva update for cpio

SECUNIA ADVISORY ID:
SA27857

VERIFY ADVISORY:
http://secunia.com/advisories/27857/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
>From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for cpio. This fixes two
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) or compromise a user's system.

1) A vulnerability is caused due to an error when processing
specially crafted tar archives. This can be exploited to cause a
stack-based buffer overflow and crash the vulnerable application.

2) A vulnerability is caused due to missing validation of filenames
included in archives.

For more information:
SA7745

SOLUTION:
Apply updated packages.

Mandriva Linux 2007

88af30721a848b5fd4b3e26c5c055846 
2007.0/i586/cpio-2.6-7.1mdv2007.0.i586.rpm 
250697255ccc671ca2a01c2ba762aac6 
2007.0/SRPMS/cpio-2.6-7.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

fc1e32f7b528997237b392b1c1da9c3c 
2007.0/x86_64/cpio-2.6-7.1mdv2007.0.x86_64.rpm 
250697255ccc671ca2a01c2ba762aac6 
2007.0/SRPMS/cpio-2.6-7.1mdv2007.0.src.rpm

ORIGINAL ADVISORY:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:233

OTHER REFERENCES:
SA7745:
http://secunia.com/advisories/7745/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------