Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:0366-1

Опубликовано: 02 фев. 2017
Источник: suse-cvrf

Описание

Security update for cpio

This update for cpio fixes two issues.

This security issue was fixed:

  • CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448).

This non-security issue was fixed:

  • bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
cpio-2.11-32.1
cpio-lang-2.11-32.1
SUSE Linux Enterprise Desktop 12 SP2
cpio-2.11-32.1
cpio-lang-2.11-32.1
SUSE Linux Enterprise Server 12 SP1
cpio-2.11-32.1
cpio-lang-2.11-32.1
SUSE Linux Enterprise Server 12 SP2
cpio-2.11-32.1
cpio-lang-2.11-32.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
cpio-2.11-32.1
cpio-lang-2.11-32.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
cpio-2.11-32.1
cpio-lang-2.11-32.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
cpio-2.11-32.1
cpio-lang-2.11-32.1

Ссылки

Описание

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:cpio-2.11-32.1
SUSE Linux Enterprise Desktop 12 SP1:cpio-lang-2.11-32.1
SUSE Linux Enterprise Desktop 12 SP2:cpio-2.11-32.1
SUSE Linux Enterprise Desktop 12 SP2:cpio-lang-2.11-32.1
Ссылки
Уязвимость SUSE-SU-2017:0366-1