The problem can be corrected by upgrading the affected package to
version 2.5-1.1ubuntu0.3 (for Ubuntu 4.10), 2.5-1.1ubuntu1.2 (for
Ubuntu 5.04), or 2.5-1.2ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e. g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system).