openSUSE-SU-2017:0389-1

Опубликовано: 04 фев. 2017

Источник: suse-cvrf

Описание

Security update for cpio

This update for cpio fixes two issues.

This security issue was fixed:

CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448).

This non-security issue was fixed:

bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

cpio-2.11-33.1

cpio-lang-2.11-33.1

openSUSE Leap 42.2

cpio-2.11-33.1

cpio-lang-2.11-33.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-02/msg00026.html
E-Mail link for openSUSE-SU-2017:0389-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Затронутые продукты

openSUSE Leap 42.1:cpio-2.11-33.1

openSUSE Leap 42.1:cpio-lang-2.11-33.1

openSUSE Leap 42.2:cpio-2.11-33.1

openSUSE Leap 42.2:cpio-lang-2.11-33.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2037.html
CVE-2016-2037
https://bugzilla.suse.com/1028410
SUSE Bug 1028410
https://bugzilla.suse.com/963448
SUSE Bug 963448

openSUSE-SU-2017:0389-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-2037

Описание

Затронутые продукты

Ссылки