Description
Security update for cpio
This update for cpio fixes the following issues:
It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
cpio-2.9-75.81.8.1
cpio-lang-2.9-75.81.8.1
SUSE Linux Enterprise Server 11 SP4-LTSS
cpio-2.9-75.81.8.1
cpio-lang-2.9-75.81.8.1
Links
- Link for SUSE-SU-2021:14777-1
- E-Mail link for SUSE-SU-2021:14777-1
- SUSE Security Ratings
- SUSE Bug 1189206
- SUSE CVE CVE-2021-38185 page
Description
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:cpio-2.9-75.81.8.1
SUSE Linux Enterprise Point of Sale 11 SP3:cpio-lang-2.9-75.81.8.1
SUSE Linux Enterprise Server 11 SP4-LTSS:cpio-2.9-75.81.8.1
SUSE Linux Enterprise Server 11 SP4-LTSS:cpio-lang-2.9-75.81.8.1
Links
- CVE-2021-38185
- SUSE Bug 1189206
- SUSE Bug 1189486
- SUSE Bug 1192364
- SUSE Bug 1193391
- SUSE Bug 1200733