exploitDog

openSUSE-SU-2021:2689-1

Published: 16 Aug 2021
Source: suse-cvrf

Description

Security update for cpio

This update for cpio fixes the following issues:

It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

UPDATE: This update was buggy and could lead to hangs, so it has been retracted. There will be a follow-up update.

Package list

openSUSE Leap 15.3
cpio-2.12-3.6.1
cpio-lang-2.12-3.6.1
cpio-mt-2.12-3.6.1

Description

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.


Affected products
openSUSE Leap 15.3:cpio-2.12-3.6.1
openSUSE Leap 15.3:cpio-lang-2.12-3.6.1
openSUSE Leap 15.3:cpio-mt-2.12-3.6.1

References
Vulnerability openSUSE-SU-2021:2689-1