similar to: CESA-2005:378 Low CentOS 3 x86_64 cpio - security update

CentOS Errata and Security Advisory CESA-2005:378 cpio security update for CentOS 3 i386: https://rhn.redhat.com/errata/RHSA-2005-378.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/cpio-2.5-4.RHEL3.i386.rpm source: updates/SRPMS/cpio-2.5-4.RHEL3.src.rpm You may update your CentOS-3 i386 installations by running the command:

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2005:378 https://rhn.redhat.com/errata/RHSA-2005-378.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/cpio-2.5-4.RHEL3.s390.rpm s390x: updates/s390x/RPMS/cpio-2.5-4.RHEL3.s390x.rpm -- Pasi Pirhonen - upi at iki.fi - http://iki.fi/upi/ -------------- next part -------------- A non-text

CentOS Errata and Security Advisory 2005:378 https://rhn.redhat.com/errata/RHSA-2005-378.html The following updated files have been uploaded and are currently syncing to the mirrors: files: updates/ia64/RPMS/cpio-2.5-4.RHEL3.ia64.rpm -- Pasi Pirhonen - upi at iki.fi - http://iki.fi/upi/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available

CentOS Errata and Security Advisory 2007:0245 https://rhn.redhat.com/errata/RHSA-2007-0245.html The following updated files have been uploaded and are currently syncing to the mirrors: ia64: updates/ia64/RPMS/cpio-2.5-13.RHEL4.ia64.rpm -- Pasi Pirhonen - upi at iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored -------------- next part -------------- A non-text attachment was

CentOS Errata and Security Advisory 2005:378 https://rhn.redhat.com/errata/RHSA-2005-378.html The following updated files have been uploaded and are currently syncing to the mirrors: i386: cpio-2.5-8.RHEL4.i386.rpm src: cpio-2.5-8.RHEL4.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc:

CentOS Errata and Security Advisory 2005:378 https://rhn.redhat.com/errata/RHSA-2005-378.html The following updated files have been uploaded and are currently syncing to the mirrors: x86_64: cpio-2.5-8.RHEL4.x86_64.rpm src: cpio-2.5-8.RHEL4.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes

CentOS Errata and Security Advisory 2005:378 https://rhn.redhat.com/errata/RHSA-2005-378.html The following updated files have been uploaded and are currently syncing to the mirrors: files: updates/ia64/RPMS/cpio-2.5-8.RHEL4.ia64.rpm -- Pasi Pirhonen - upi at iki.fi - http://iki.fi/upi/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory CESA-2010:0145 cpio security update for CentOS 3 i386: https://rhn.redhat.com/errata/RHSA-2010-0145.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/cpio-2.5-6.RHEL3.i386.rpm source: updates/SRPMS/cpio-2.5-6.RHEL3.src.rpm You may update your CentOS-3 i386 installations by running the command:

CentOS Errata and Security Advisory CESA-2010:0145 cpio security update for CentOS 3 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0145.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/cpio-2.5-6.RHEL3.x86_64.rpm source: updates/SRPMS/cpio-2.5-6.RHEL3.src.rpm You may update your CentOS-3 x86_64 installations by running

https://rhn.redhat.com/errata/RHSA-2005-136.html refers updated files are :- updates/i386/RPMS/mailman-2.1.5-24.rhel3.i386.rpm updates/i386/SRPMS/mailman-2.1.5-24.rhel3.src.rpm To update CentOS 3.4 to this new version run 'yum update mailman' CentOS 3.3 shipped with an earlier version of mailman - mailman-2.0.13-5 - in the extras repo. This version has not been supported since 3.4 was

The following errata for CentOS-2 have been built and uploaded to the centos mirror: RHSA-2005:806-01 Low: cpio security update Files available: cpio-2.4.2-25.i386.rpm More details are available from the RedHat web site at https://rhn.redhat.com/errata/rh21as-errata.html The easy way to make sure you are up to date with all the latest patches is to run: # yum update -- John Newbigin Computer

Greetings, 4 belated x86_64 updates here for CentOS-3 (I just got my 64-bit development boxes back from a show). They'll be hitting the mirrors eventually. Future updates will be much more timely. libxml2: https://rhn.redhat.com/errata/RHSA-2004-615.html RPMS/libxml2-2.5.10-7.x86_64.rpm RPMS/libxml2-devel-2.5.10-7.x86_64.rpm RPMS/libxml2-python-2.5.10-7.x86_64.rpm

hello, On Mon, 16 Jun 2008, Joey Hess wrote: > klibc cpio segfaults extracting various cpio files. It seems to work for > small files, but fail for larger ones, including the d-i root floppy > image. > > For example: > > joey at kodama:/tmp/empty>wget http://people.debian.org/~joeyh/d-i/images/20080401-09:01/floppy/root.img > joey at kodama:/tmp/empty>zcat

Unlink files, symlinks, FIFOs, devices etc. (except directories) before writing them when extracting CPIOs. This stops weird behaviour like: 1) writing through symlinks created in earlier CPIOs. eg foo->bar in the first CPIO. Having foo as a non-link in a subsequent CPIO, results in bar being written and foo remaining as a symlink. 2) if the first version of file foo is larger

https://rhn.redhat.com/errata/RHSA-2004-604.html refers Updated files are :- gaim-1.0.1-1.RHEL3.i386.rpm in updates/i386/RPMS/ This is available at http://mirror.centos.org/3.3/ and should be on all mirrors within a few hours.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:03.cpio Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities cpio Category: contrib Module: contrib_cpio Announced:

The following patch unlinks (deletes) files, symlinks, FIFOs, devices etc before writing them when extracting CPIOs. It doesn't delete directories. This stops weird behaviour like: 1) writing through symlinks created in earlier CPIOs. eg foo->bar in the first CPIO. Having foo as a non link in a subsequent CPIO, results in bar being written and foo remaining as a symlink. 2)

I've googled to try and find discussion of this topic but didn't see any results particularly interesting... Is there any particular reason the kernel has gen_init_cpio instead of just using cpio itself? I'm working on some changes that would involve just cpio-ing the entire usr/root subtree as the initramfs image (instead of gen_init_cpio having to know ahead of time what files to