Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu: 5064-1 Moderate: cpio Service Disruption and Remote Code Flaw

ubuntu
Calendar Grey September 8, 2021
Dist Ubuntu Esm H88
Ubuntu Security Alert USN-5065-1 highlights the cpio flaw impacting several versions. Ensure you update your systems immediately.
GNU cpio could be made to crash or run programs if it opened a specially crafted file.

Summary

GNU cpio could be made to crash or run programs if it opened a specially

crafted file.

Software Description:

- cpio: a tool to manage archives of files

Details:

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled

certain pattern files. A remote attacker could use this issue to cause cpio

to crash, resulting in a denial of service, or possibly execute arbitrary

code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  cpio                            2.13+dfsg-4ubuntu0.3

Ubuntu 20.04 LTS:
  cpio                            2.13+dfsg-2ubuntu0.3

Ubuntu 18.04 LTS:
  cpio                            2.12+dfsg-6ubuntu0.18.04.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5064-1

CVE-2021-38185

September 08, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.