Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» Trustix » Cpio, gawk vulnerability fixes

Cpio, gawk vulnerability fixes

GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. Gawk should be upwardly compatible with the Bell Labs research version of awk and is almost completely compliant with the 1993 POSIX 1003.2 standard for awk.

  • Vendor: Trustix
  • Vendor ID: TSLBA #2006-0041
  • Date: July 21, 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2006-0041

Package names: cpio, gawk
Summary: Various bug fixes
Date: 2006-07-21
Affected versions: Trustix Secure Linux 3.0

- --------------------------------------------------------------------------
Package description:
cpio
GNU cpio copies files into or out of a cpio or tar archive. Archives
are files which contain a collection of other files plus information
about them, such as their file name, owner, timestamps, and access
permissions. The archive can be another file on the disk, a magnetic
tape, or a pipe. GNU cpio supports the following archive formats:
binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar
and POSIX.1 tar. By default, cpio creates binary format archives, so
that they are compatible with older cpio programs. When it is extracting
files from archives, cpio automatically recognizes which kind of archive
it is reading and can read archives created on machines with a different
byte-order.

gawk
The gawk packages contains the GNU version of awk, a text processing
utility. Awk interprets a special-purpose programming language to do
quick and easy text pattern matching and reformatting jobs. Gawk should
be upwardly compatible with the Bell Labs research version of awk and
is almost completely compliant with the 1993 POSIX 1003.2 standard for
awk.

Problem description:
cpio < TSL 3.0 >
- Patch applied to preserve symlinks.

gawk < TSL 3.0 >
- Patched to fix Bug #1842.

Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.


Location:
All Trustix Secure Linux updates are available from




About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.


Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.


Questions?
Check out our mailing lists:



Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:


The advisory itself is available from the errata pages at
and

or directly at



MD5sums of the packages:
- --------------------------------------------------------------------------
421fd8424f7857f927bf12e67ec92233 3.0/rpms/cpio-2.6-5tr.i586.rpm
fd9a1835812a7f6aadd041577faac8e0 3.0/rpms/gawk-3.1.5-2tr.i586.rpm
c4f371b0fd0f5d52ff8170b8bb01d441 3.0/rpms/gawk-doc-3.1.5-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFEwNHWi8CEzsK9IksRAs2hAJ9gFBTS5iSbgzMf/ykphDKUv2qMWACfSOYR
VEXac2b9ryqoORkrVlEXE7Q=
=z073
-----END PGP SIGNATURE-----

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »