openSUSE-SU-2019:2593-1

Опубликовано: 30 нояб. 2019

Источник: suse-cvrf

Описание

Security update for cpio

This update for cpio fixes the following issues:

CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

cpio-2.12-lp150.2.3.1

cpio-lang-2.12-lp150.2.3.1

cpio-mt-2.12-lp150.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S6XCUOVCXNQ6F2SKISA7LWT5WFS5W7MT/#S6XCUOVCXNQ6F2SKISA7LWT5WFS5W7MT
E-Mail link for openSUSE-SU-2019:2593-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1155199
SUSE Bug 1155199
https://www.suse.com/security/cve/CVE-2019-14866/
SUSE CVE CVE-2019-14866 page

Описание

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.

Затронутые продукты

openSUSE Leap 15.0:cpio-2.12-lp150.2.3.1

openSUSE Leap 15.0:cpio-lang-2.12-lp150.2.3.1

openSUSE Leap 15.0:cpio-mt-2.12-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-14866.html
CVE-2019-14866
https://bugzilla.suse.com/1155199
SUSE Bug 1155199

openSUSE-SU-2019:2593-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-14866

Описание

Затронутые продукты

Ссылки