|
|
Subscribe / Log in / New account

Debian alert DLA-3445-1 (cpio)



From:
              Adrian Bunk <bunk@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3445-1] cpio security update


Date:
              Sun, 04 Jun 2023 23:12:22 +0300


Message-ID:
              <ZHzwJtTsMM5bA9p0@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3445-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 04, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cpio
Version        : 2.12+dfsg-9+deb10u1
CVE ID         : CVE-2019-14866 CVE-2021-38185
Debian Bug     : 941412 992045

Two vulnerabilities were fixed in GNU cpio, a program to manage 
archives of files.

CVE-2019-14866

    Improper validation of input files when generatingtar archives.

CVE-2021-38185

    Arbitrary code via crafted pattern file.

For Debian 10 buster, these problems have been fixed in version
2.12+dfsg-9+deb10u1.

We recommend that you upgrade your cpio packages.

For the detailed security status of cpio please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cpio

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmR88CIACgkQiNJCh6LY
mLFEnw//dJUPmrc9TF3gc0O8DcOf7y1dre2POsQzNm3NVBFsewVro5EM61s3pQAE
dt6k3wY5fxEzlu63ul8/ADPhKDWFhmOY2lUznxG9svjC/yVFFeFQXPLc/PAyqsrm
DezOIsi/WCCCtOLjrdeRera19urF9/lc70ANdIEgN4MmH1YG2tOk/c2Jd3SQMHpF
8RzYcPCCQB3+7YcMtei++WSxNaFT8ELWxIE6B6rDnpTps3whFQhDAfkNWmId+yUG
6UB6fO0HsqY3oRyEx4oatpYM+ua9xPDf6ydV3mIbOwV6TgcwjglVgeoP08Rzpwto
w7dNQoM9WKrzPxXgB8hiRXzPPW70/vtQ7kd+J1ygDVhSl4QXEtPoTyva5eXb4KMR
WWAbi0uG7nznI6iJ0Z/3egS3yY5Jh7s+BH14t74wnZ8zVp6HCO16Lpyyo48F30em
CkBXxbpfzBFdRv1anK0GdIcB/Kt2poPYiCjZxvlyzvwMYwJfVnKEH5hwekbvxrnc
EEEHiDRU2vIZs5vHikYQDWenTRqX7XnuzIvFJYV/lYKvtwPuUZS4cC+F1a3SDSZV
OKmiCr+GLtjbngYQUZKasibYd3a6ePH89loOWA9e/jbkG2LpJwhy7e74SqrGsVLS
qHzOeW5su6Nn+ETBIoZ6CRrsF5p5ZprAjofnOkS0lRjFh/pXw8c=
=j8tT
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds