Описание
Security update for cpio
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238)
Список пакетов
Container suse/ltss/sle15.3/bci-base:latest
cpio-2.12-150000.3.12.1
Container suse/sle-micro-rancher/5.2:latest
cpio-2.12-150000.3.12.1
Container suse/sle-micro/5.1/toolbox:latest
cpio-2.12-150000.3.12.1
Container suse/sle-micro/5.2/toolbox:latest
cpio-2.12-150000.3.12.1
Container suse/sle15:15.2
cpio-2.12-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
cpio-2.12-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
cpio-2.12-150000.3.12.1
Image SLES15-SP3-BYOS-Azure
cpio-2.12-150000.3.12.1
Image SLES15-SP3-BYOS-EC2-HVM
cpio-2.12-150000.3.12.1
Image SLES15-SP3-BYOS-GCE
cpio-2.12-150000.3.12.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
cpio-2.12-150000.3.12.1
Image SLES15-SP3-CHOST-BYOS-Azure
cpio-2.12-150000.3.12.1
Image SLES15-SP3-CHOST-BYOS-EC2
cpio-2.12-150000.3.12.1
Image SLES15-SP3-CHOST-BYOS-GCE
cpio-2.12-150000.3.12.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
cpio-2.12-150000.3.12.1
Image SLES15-SP3-HPC-BYOS-Azure
cpio-2.12-150000.3.12.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
cpio-2.12-150000.3.12.1
Image SLES15-SP3-HPC-BYOS-GCE
cpio-2.12-150000.3.12.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
cpio-2.12-150000.3.12.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
cpio-2.12-150000.3.12.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
cpio-2.12-150000.3.12.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
cpio-2.12-150000.3.12.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
cpio-2.12-150000.3.12.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-Azure
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-GCE
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAPCAL-Azure
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAPCAL-EC2-HVM
cpio-2.12-150000.3.12.1
Image SLES15-SP3-SAPCAL-GCE
cpio-2.12-150000.3.12.1
SUSE Enterprise Storage 7.1
cpio-2.12-150000.3.12.1
cpio-lang-2.12-150000.3.12.1
cpio-mt-2.12-150000.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
cpio-2.12-150000.3.12.1
cpio-lang-2.12-150000.3.12.1
cpio-mt-2.12-150000.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
cpio-2.12-150000.3.12.1
cpio-lang-2.12-150000.3.12.1
cpio-mt-2.12-150000.3.12.1
SUSE Linux Enterprise Micro 5.1
cpio-2.12-150000.3.12.1
SUSE Linux Enterprise Micro 5.2
cpio-2.12-150000.3.12.1
SUSE Linux Enterprise Server 15 SP2-LTSS
cpio-2.12-150000.3.12.1
cpio-lang-2.12-150000.3.12.1
cpio-mt-2.12-150000.3.12.1
SUSE Linux Enterprise Server 15 SP3-LTSS
cpio-2.12-150000.3.12.1
cpio-lang-2.12-150000.3.12.1
cpio-mt-2.12-150000.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
cpio-2.12-150000.3.12.1
cpio-lang-2.12-150000.3.12.1
cpio-mt-2.12-150000.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
cpio-2.12-150000.3.12.1
cpio-lang-2.12-150000.3.12.1
cpio-mt-2.12-150000.3.12.1
Ссылки
- Link for SUSE-SU-2024:0824-1
- E-Mail link for SUSE-SU-2024:0824-1
- SUSE Security Ratings
- SUSE Bug 1218571
- SUSE Bug 1219238
- SUSE CVE CVE-2023-7207 page
Описание
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
Затронутые продукты
Container suse/ltss/sle15.3/bci-base:latest:cpio-2.12-150000.3.12.1
Container suse/sle-micro-rancher/5.2:latest:cpio-2.12-150000.3.12.1
Container suse/sle-micro/5.1/toolbox:latest:cpio-2.12-150000.3.12.1
Container suse/sle-micro/5.2/toolbox:latest:cpio-2.12-150000.3.12.1
Ссылки
- CVE-2023-7207
- SUSE Bug 1218571