- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202407-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: cpio: Arbitrary Code Execution
     Date: July 01, 2024
     Bugs: #807088
       ID: 202407-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in cpio, which can lead to arbitrary code execution.

Background
==========

cpio is a file archival tool which can also read and write tar files.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
app-arch/cpio  < 2.13-r1     >= 2.13-r1

Description
===========

Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details.

Impact
======

GNU cpio allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All cpio users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.13-r1"

References
==========

[ 1 ] CVE-2016-2037
      https://nvd.nist.gov/vuln/detail/CVE-2016-2037
[ 2 ] CVE-2019-14866
      https://nvd.nist.gov/vuln/detail/CVE-2019-14866
[ 3 ] CVE-2021-38185
      https://nvd.nist.gov/vuln/detail/CVE-2021-38185

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

# Security update for cpio

Announcement ID: SUSE-SU-2024:0305-2
Rating: moderate
References:

  * bsc#1218571
  * bsc#1219238

Cross-References:

  * CVE-2023-7207

CVSS scores:

  * CVE-2023-7207 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for cpio fixes the following issues:

  * Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-305=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-305=1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
    zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-305=1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-305=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-305=1
  * SUSE Manager Proxy 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-305=1
  * SUSE Manager Retail Branch Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-305=1
  * SUSE Manager Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-305=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Manager Proxy 4.3 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * cpio-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
  * SUSE Manager Server 4.3 (noarch)
    * cpio-lang-2.13-150400.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-7207.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1218571
  * https://bugzilla.suse.com/show_bug.cgi?id=1219238

LinuxSecurity.com Team

==========================================================================
Ubuntu Security Notice USN-6755-1
April 29, 2024

cpio vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GNU cpio could be made to write files outside the target directory.

Software Description:
- cpio: a tool to manage archives of files

Details:

Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the option --no-absolute-filenames.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10
  cpio 2.13+dfsg-7.1ubuntu0.1

Ubuntu 22.04 LTS
  cpio 2.13+dfsg-7ubuntu0.1

Ubuntu 20.04 LTS
  cpio 2.13+dfsg-2ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6755-1
  CVE-2023-7207

Package Information:
  https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-7.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-7ubuntu0.1
  https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-2ubuntu0.4

# Security update for cpio

Announcement ID: SUSE-SU-2024:0824-1
Rating: moderate
References:

  * bsc#1218571
  * bsc#1219238

Cross-References:

  * CVE-2023-7207

CVSS scores:

  * CVE-2023-7207 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for cpio fixes the following issues:

  * CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-824=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-824=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-824=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-824=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-824=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-824=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2024-824=1
  * SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-824=1
  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-824=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-824=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * cpio-mt-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-mt-debuginfo-2.12-150000.3.12.1
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * cpio-lang-2.12-150000.3.12.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * cpio-mt-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-mt-debuginfo-2.12-150000.3.12.1
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * cpio-lang-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    * cpio-mt-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-mt-debuginfo-2.12-150000.3.12.1
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * cpio-lang-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * cpio-mt-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-mt-debuginfo-2.12-150000.3.12.1
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * cpio-lang-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    * cpio-mt-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-mt-debuginfo-2.12-150000.3.12.1
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * cpio-lang-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * cpio-mt-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-mt-debuginfo-2.12-150000.3.12.1
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * cpio-lang-2.12-150000.3.12.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * cpio-mt-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-mt-debuginfo-2.12-150000.3.12.1
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * cpio-lang-2.12-150000.3.12.1
  * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.12-150000.3.12.1
    * cpio-debugsource-2.12-150000.3.12.1
    * cpio-2.12-150000.3.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-7207.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1218571
  * https://bugzilla.suse.com/show_bug.cgi?id=1219238

# Security update for cpio

Announcement ID: SUSE-SU-2024:0825-1
Rating: moderate
References:

  * bsc#1218571
  * bsc#1219238

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has two security fixes can now be installed.

## Description:

This update for cpio fixes the following issues:

  * Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-825=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-825=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-825=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * cpio-2.11-36.21.1
    * cpio-debuginfo-2.11-36.21.1
    * cpio-debugsource-2.11-36.21.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * cpio-lang-2.11-36.21.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * cpio-2.11-36.21.1
    * cpio-debuginfo-2.11-36.21.1
    * cpio-debugsource-2.11-36.21.1
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * cpio-lang-2.11-36.21.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * cpio-2.11-36.21.1
    * cpio-debuginfo-2.11-36.21.1
    * cpio-debugsource-2.11-36.21.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * cpio-lang-2.11-36.21.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1218571
  * https://bugzilla.suse.com/show_bug.cgi?id=1219238

# Security update for cpio

Announcement ID: SUSE-SU-2024:0305-1
Rating: moderate
References:

  * bsc#1218571
  * bsc#1219238

Affected Products:

  * Basesystem Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has two security fixes can now be installed.

## Description:

This update for cpio fixes the following issues:

  * Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2024-305=1
  * openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2024-305=1
  * openSUSE Leap Micro 5.4
    zypper in -t patch openSUSE-Leap-Micro-5.4-2024-305=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-305=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-305=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-305=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-305=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-305=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2024-305=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-305=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * openSUSE Leap 15.4 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * openSUSE Leap 15.5 (noarch)
    * cpio-lang-2.13-150400.3.6.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * cpio-debuginfo-2.13-150400.3.6.1
    * cpio-mt-2.13-150400.3.6.1
    * cpio-debugsource-2.13-150400.3.6.1
    * cpio-mt-debuginfo-2.13-150400.3.6.1
    * cpio-2.13-150400.3.6.1
  * Basesystem Module 15-SP5 (noarch)
    * cpio-lang-2.13-150400.3.6.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1218571
  * https://bugzilla.suse.com/show_bug.cgi?id=1219238

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:393-1
Container Tags        : suse/postgres:15 , suse/postgres:15-16.9 , suse/postgres:15.5 , suse/postgres:15.5-16.9
Container Release     : 16.9
Severity              : moderate
Type                  : security
References            : 1218571 CVE-2023-7207
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:238-1
Released:    Fri Jan 26 10:56:41 2024
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1218571,CVE-2023-7207

This update for cpio fixes the following issues:

- CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571).

The following package changes have been done:

- libuuid1-2.37.4-150500.9.3.1 updated
- libsmartcols1-2.37.4-150500.9.3.1 updated
- libblkid1-2.37.4-150500.9.3.1 updated
- libfdisk1-2.37.4-150500.9.3.1 updated
- cpio-2.13-150400.3.3.1 updated
- libmount1-2.37.4-150500.9.3.1 updated
- util-linux-2.37.4-150500.9.3.1 updated
- container:sles15-image-15.0.0-36.5.77 updated

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:383-1
Container Tags        : suse/sles12sp5:6.5.559 , suse/sles12sp5:latest
Container Release     : 6.5.559
Severity              : moderate
Type                  : security
References            : 1218571 CVE-2023-7207
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:248-1
Released:    Fri Jan 26 14:09:01 2024
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1218571,CVE-2023-7207

This update for cpio fixes the following issues:

- CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571).

The following package changes have been done:

- cpio-2.11-36.18.1 updated