Description
Recommended update for cpio
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
Package list
Container suse/ltss/sle12.5/sles12sp5:latest
cpio-2.11-36.12.1
Container suse/sles12sp3:latest
cpio-2.11-36.12.1
Container suse/sles12sp4:latest
cpio-2.11-36.12.1
Container suse/sles12sp5:latest
cpio-2.11-36.12.1
HPE Helion OpenStack 8
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
Image SLES12-SP4-Azure-BYOS
cpio-2.11-36.12.1
Image SLES12-SP4-EC2-HVM-BYOS
cpio-2.11-36.12.1
Image SLES12-SP4-GCE-BYOS
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-Azure
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-Azure-BYOS
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-EC2-HVM
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-GCE
cpio-2.11-36.12.1
Image SLES12-SP4-SAP-GCE-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-Azure-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-Azure-Basic-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-Azure-HPC-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-Azure-HPC-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-Azure-SAP-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-Azure-SAP-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-Azure-Standard-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-EC2-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-EC2-ECS-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-EC2-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-EC2-SAP-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-EC2-SAP-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-GCE-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-GCE-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-GCE-SAP-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-GCE-SAP-On-Demand
cpio-2.11-36.12.1
Image SLES12-SP5-OCI-BYOS-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
cpio-2.11-36.12.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
cpio-2.11-36.12.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
cpio-2.11-36.12.1
SUSE Linux Enterprise Server 12 SP2-BCL
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE Linux Enterprise Server 12 SP3-BCL
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE Linux Enterprise Server 12 SP3-LTSS
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE Linux Enterprise Server 12 SP4-LTSS
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE Linux Enterprise Server 12 SP5
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE OpenStack Cloud 8
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE OpenStack Cloud 9
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE OpenStack Cloud Crowbar 8
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
SUSE OpenStack Cloud Crowbar 9
cpio-2.11-36.12.1
cpio-lang-2.11-36.12.1
References
- Link for SUSE-RU-2021:2779-1
- E-Mail link for SUSE-RU-2021:2779-1
- SUSE Security Ratings
- SUSE Bug 1189465
- SUSE CVE CVE-2021-38185 page
Description
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:cpio-2.11-36.12.1
Container suse/sles12sp3:latest:cpio-2.11-36.12.1
Container suse/sles12sp4:latest:cpio-2.11-36.12.1
Container suse/sles12sp5:latest:cpio-2.11-36.12.1
References
- CVE-2021-38185
- SUSE Bug 1189206
- SUSE Bug 1189486
- SUSE Bug 1192364
- SUSE Bug 1193391
- SUSE Bug 1200733