SUSE-SU-2021:14788-1

Published: 23 Aug 2021
Source: suse-cvrf

Description

Security update for cpio

This update for cpio fixes the following issues:

  • A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465]

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
cpio-2.9-75.81.14.1
cpio-lang-2.9-75.81.14.1
SUSE Linux Enterprise Server 11 SP4-LTSS
cpio-2.9-75.81.14.1
cpio-lang-2.9-75.81.14.1

Description

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:cpio-2.9-75.81.14.1
SUSE Linux Enterprise Point of Sale 11 SP3:cpio-lang-2.9-75.81.14.1
SUSE Linux Enterprise Server 11 SP4-LTSS:cpio-2.9-75.81.14.1
SUSE Linux Enterprise Server 11 SP4-LTSS:cpio-lang-2.9-75.81.14.1

References
Vulnerability SUSE-SU-2021:14788-1