
Ubuntu 23.10, 22.04 LTS, 20.04 LTS USN-6755-1 Critical CPIO Vulnerability

April 29, 2024
The Ubuntu Security Notice USN-6756-1 pertains to vulnerabilities found in the tar package that impact Ubuntu 23.10, 22.04 LTS, and 20.04 LTS.
GNU cpio could be made to write files outside the target directory.

Summary

GNU cpio could be made to write files outside the target directory.

Software Description:

- cpio: a tool to manage archives of files

Details:

Ingo Brückl discovered that cpio contained a path traversal vulnerability.
If a user or automated system were tricked into extracting a specially
crafted cpio archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host, even if using the
option --no-absolute-filenames.
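
As an added example (not part of the Ubuntu notice or of GNU cpio's code), the following pre-extraction audit parses a newc-format cpio archive from an untrusted source and flags members whose names or symlink targets resolve outside the target directory. It is a generic traversal check and does not model the specific flaw fixed by this update; the function names and the sample archive are constructed for illustration.

```python
import posixpath
import stat

HDR_LEN = 110  # "070701" magic + 13 eight-digit hex fields (newc format)
def pad4(n):
    return (n + 3) & ~3  # names and file data are padded to 4-byte boundaries

def iter_newc(buf):
    """Yield (name, mode, data) for each member of a newc cpio archive."""
    off = 0
    while off + HDR_LEN <= len(buf):
        if buf[off:off + 6] != b"070701":
            raise ValueError("bad newc magic at offset %d" % off)
        f = [int(buf[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name_end = off + HDR_LEN + namesize
        name = buf[off + HDR_LEN:name_end - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return
        data_start = pad4(name_end)
        yield name, mode, buf[data_start:data_start + filesize]
        off = pad4(data_start + filesize)

def escapes(path):
    """True if a POSIX path is absolute or climbs above the extraction root."""
    return path.startswith("/") or posixpath.normpath(path).split("/")[0] == ".."

def audit(buf):
    """Return (member, reason) findings; an empty list means nothing flagged."""
    findings = []
    for name, mode, data in iter_newc(buf):
        target = data.decode("utf-8", "replace") if stat.S_ISLNK(mode) else ""
        if escapes(name):
            findings.append((name, "name leaves target directory"))
        elif escapes(posixpath.join(posixpath.dirname(name), target)):
            findings.append((name, "symlink target leaves target directory"))
    return findings

def member(name, mode, data=b""):  # builds constructed test input only
    n = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
    body = b"070701" + b"".join(b"%08X" % v for v in fields) + n
    return body.ljust(pad4(len(body)), b"\0") + data.ljust(pad4(len(data)), b"\0")

# Constructed sample: an ordinary file, a ".." name and an outward symlink.
SAMPLE = (member("docs/readme.txt", stat.S_IFREG | 0o644, b"hello")
          + member("../outside.txt", stat.S_IFREG | 0o644, b"x")
          + member("docs/link", stat.S_IFLNK | 0o777, b"../../elsewhere")
          + member("TRAILER!!!", 0))
```

A check like this complements, but does not replace, installing the fixed package versions listed under Update Instructions.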

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
   cpio                            2.13+dfsg-7.1ubuntu0.1

Ubuntu 22.04 LTS
   cpio                            2.13+dfsg-7ubuntu0.1

Ubuntu 20.04 LTS
   cpio                            2.13+dfsg-2ubuntu0.4

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6755-1

  CVE-2023-7207

Severity
critical

Ubuntu Security Notice USN-6755-1

Package Information

  https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-7.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-7ubuntu0.1
  https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-2ubuntu0.4
