Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
100
security advisorysecurity issuecriticalRed Hat: 2021:307-2 Critical: Remote Code Execution in RHEL/8 Container
The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:290-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.441 Container Release : 4.22.441 Severity : critical Type : security References : 1189206 1189465 1189465 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) . Important patch for SUSE Container resolving remote execution vulnerabilities and correcting cpio-related problems.. SUSE Container Advisory, Remote Code Execution, CPIO Update. . Severity:Critical. LinuxSecurity.com Team
Aug 26, 2021
•Critical
SuSE
100
security advisoryimportantsegmentation faultSUSE OpenStack Cloud 2021:2808-1 Critical: Cpio Segmentation Fault
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for cpio ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2808-1 Rating: important References: #1189465 Cross-References: CVE-2021-38185 CVSS scores: CVE-2021-38185 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2808=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2808=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2808=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2808=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2808=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2808=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2808=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2808=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2808=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2808=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2808=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2808=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE OpenStack Cloud 9 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud 9 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE OpenStack Cloud 8 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud 8 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): cpio-lang-2.11-36.15.1 - SUSE LinuxEnterprise Server for SAP 12-SP3 (ppc64le x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - HPE Helion Openstack 8 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - HPE Helion Openstack 8 (noarch): cpio-lang-2.11-36.15.1 References: https://www.suse.com/security/cve/CVE-2021-38185.html https://bugzilla.suse.com/1189465 . A crucial security patch for cpio resolves an impending segmentation fault issue affecting various SUSE platforms, including OpenStack implementations.. SUSE Linux Enterprise,c-pio update,OpenStack security,patch instruction,system vulnerabilities.. Severity: Critical. LinuxSecurity.com Team
Aug 23, 2021
•Critical
SuSE
98
security advisorymoderateupdateRHEL 8: RHSA-2021-1582-01 Moderate: cpio Input Validation Issue
An update for cpio is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cpio security update Advisory ID: RHSA-2021:1582-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1582 Issue date: 2021-05-18 CVE Names: CVE-2019-14866 ==================================================================== 1. Summary: An update for cpio is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix(es): * cpio: improper input validation when writing tar header fields leads to unexpected tar generation (CVE-2019-14866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1487673 - cpio does not preserve soft link time 1765511 - CVE-2019-14866 cpio: improper input validation when writing tar header fields leads to unexpected tar generation 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: cpio-2.12-10.el8.src.rpm aarch64: cpio-2.12-10.el8.aarch64.rpm cpio-debuginfo-2.12-10.el8.aarch64.rpm cpio-debugsource-2.12-10.el8.aarch64.rpm ppc64le: cpio-2.12-10.el8.ppc64le.rpm cpio-debuginfo-2.12-10.el8.ppc64le.rpm cpio-debugsource-2.12-10.el8.ppc64le.rpm s390x: cpio-2.12-10.el8.s390x.rpm cpio-debuginfo-2.12-10.el8.s390x.rpm cpio-debugsource-2.12-10.el8.s390x.rpm x86_64: cpio-2.12-10.el8.x86_64.rpm cpio-debuginfo-2.12-10.el8.x86_64.rpm cpio-debugsource-2.12-10.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYKPtiNzjgjWX9erEAQjiaw/9HrTWh2flu6ekZLC5Fv9AjNSy1OobcNFB T0Dmne9uKK44i9/z8GWpsYTmB61m1xLUkKnxT93oDBsDzPX4A2RwPU3TtAZ3OTyC PghuF0O8dMGY+8m5Re7Li6WBTaOmfE4/DOsHA0lJH8tU9bNzRaLsK7jtts3agt8Q f5IyfXjX8Te7qVR2EhsmtHfV9ckle1tDMBgJdXyPIfOJRj2Syk2qWmt8/MCVCYke NnVba5wNOsbH+qYYlMG+IRlNIzSigYufBCUt8H1DxcHjbO2k1SCftXeh6YZ/E2cY vfAsXk5f5JBK53YYE59LpHur8rl5Z8vpGFYIK1mE/eC8LCZLzmob63VMmWzEdG3t lIxLQemN7cxFNCG72f8RaUJAoVA/jXUXMKG+vHaFWwc5I3yf6n+b6Bhh8sv9uFeY 2fh4HEr80hdm0/jX8LWlD1KQd89z4iwhsTKbswYmhksHDMqcOy8XsRGJJKCq9sUo Yel94Vy7xwikiNOh49GYmErCc6g6P0n4WFfLlSbvTcHy10JaoTINaHqnajYlAhRa VpAFqIpakFtJHH3StaTAMaXkRLaJVnK2zwD6z7HdFSCeHjif2Ukh8fTmbeTJonO8 Dy3NpBXH2z/qaMr2tMqakwdy2oZECBXlsxZMNt3z+TGIKH5J7kvpMERKUIQOg0FH bBV9zPo/kVM=PgJj -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 18, 2021
Red Hat
200
security advisorymoderate threatheap overflowScientific Linux 7: SLSA-2015:2108-3 Moderate Cpio Heap Overflow
Moderate: cpio security and bug fix update. Date: Mon, 21 Dec 2015 23:13:02 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: cpio on SL7.x x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Moderate: cpio security and bug fix update Advisory ID: SLSA-2015:2108-3 Issue Date: 2015-11-19 CVE Numbers: CVE-2014-9112 -- A heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution. (CVE-2014-9112) This update fixes the following bugs: * Previously, during archive creation, cpio internals did not detect a read() system call failure. Based on the premise that the call succeeded, cpio terminated unexpectedly with a segmentation fault without processing further files. The underlying source code has been patched, and an archive is now created successfully. * Previously, running the cpio command without parameters on Scientific Linux 7 with Russian as the default language resulted in an error message that was not accurate in Russian due to an error in spelling. This has been corrected and the Russian error message is spelled correctly. -- SL7 x86_64 cpio-2.11-24.el7.x86_64.rpm cpio-debuginfo-2.11-24.el7.x86_64.rpm - Scientific Linux Development Team . The recent cpio security patch addresses a critical heap overflow vulnerability, mitigating risks of unauthorized code execution.. Scientific Linux, Cpio Update, Heap Overflow, Security Fix, Software Update. . LinuxSecurity.com Team
Dec 21, 2015
Scientific Linux
98
security advisoryRed Hatbuffer overflowRed Hat Enterprise Linux 3: RHSA-2010:0145 Moderate: Cpio Buffer Overflow
An updated cpio package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cpio security update Advisory ID: RHSA-2010:0145-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0145.html Issue date: 2010-03-15 CVE Names: CVE-2005-4268 CVE-2010-0624 ==================================================================== 1. Summary: An updated cpio package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges of the user running cpio. (CVE-2010-0624) Red Hat would like to thank Jakob Lell for responsibly reporting the CVE-2010-0624 issue. A stack-based buffer overflow flaw was found in the way cpio expanded large archive files. If a user expanded a specially-crafted archive, it could cause the cpio executable to crash. This issue only affected 64-bit platforms. (CVE-2005-4268) Users of cpio are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-releasederrata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 229191 - CVE-2005-4268 cpio large filesize buffer overflow 564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive 6. Package List: Red Hat Enterprise Linux AS version 3: Source: i386: cpio-2.5-6.RHEL3.i386.rpm cpio-debuginfo-2.5-6.RHEL3.i386.rpm ia64: cpio-2.5-6.RHEL3.ia64.rpm cpio-debuginfo-2.5-6.RHEL3.ia64.rpm ppc: cpio-2.5-6.RHEL3.ppc.rpm cpio-debuginfo-2.5-6.RHEL3.ppc.rpm s390: cpio-2.5-6.RHEL3.s390.rpm cpio-debuginfo-2.5-6.RHEL3.s390.rpm s390x: cpio-2.5-6.RHEL3.s390x.rpm cpio-debuginfo-2.5-6.RHEL3.s390x.rpm x86_64: cpio-2.5-6.RHEL3.x86_64.rpm cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm Red Hat Desktop version 3: Source: i386: cpio-2.5-6.RHEL3.i386.rpm cpio-debuginfo-2.5-6.RHEL3.i386.rpm x86_64: cpio-2.5-6.RHEL3.x86_64.rpm cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: i386: cpio-2.5-6.RHEL3.i386.rpm cpio-debuginfo-2.5-6.RHEL3.i386.rpm ia64: cpio-2.5-6.RHEL3.ia64.rpm cpio-debuginfo-2.5-6.RHEL3.ia64.rpm x86_64: cpio-2.5-6.RHEL3.x86_64.rpm cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: i386: cpio-2.5-6.RHEL3.i386.rpm cpio-debuginfo-2.5-6.RHEL3.i386.rpm ia64: cpio-2.5-6.RHEL3.ia64.rpm cpio-debuginfo-2.5-6.RHEL3.ia64.rpm x86_64: cpio-2.5-6.RHEL3.x86_64.rpm cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2005-4268 https://access.redhat.com/security/cve/CVE-2010-0624 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. . Recent updates include security patches for the cpio utility, fixing buffer overflow vulnerabilities that might increase user permissions in Red Hat Enterprise Linux. cpio security fix, Red Hat updates, buffer overflow patch. . LinuxSecurity.com Team
Mar 15, 2010
Red Hat
98
security advisorymoderatebuffer overflowRed Hat Enterprise Linux 4 RHSA-2010:0143-01 Moderate: CPIO Buffer Overflow
An updated cpio package that fixes one security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cpio security update Advisory ID: RHSA-2010:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0143.html Issue date: 2010-03-15 CVE Names: CVE-2010-0624 ==================================================================== 1. Summary: An updated cpio package that fixes one security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges of the user running cpio. (CVE-2010-0624) Red Hat would like to thank Jakob Lell for responsibly reporting this issue. Users of cpio are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 564368 - CVE-2010-0624 tar, cpio:Heap-based buffer overflow by expanding a specially-crafted archive 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: cpio-2.5-16.el4_8.1.i386.rpm cpio-debuginfo-2.5-16.el4_8.1.i386.rpm ia64: cpio-2.5-16.el4_8.1.ia64.rpm cpio-debuginfo-2.5-16.el4_8.1.ia64.rpm ppc: cpio-2.5-16.el4_8.1.ppc.rpm cpio-debuginfo-2.5-16.el4_8.1.ppc.rpm s390: cpio-2.5-16.el4_8.1.s390.rpm cpio-debuginfo-2.5-16.el4_8.1.s390.rpm s390x: cpio-2.5-16.el4_8.1.s390x.rpm cpio-debuginfo-2.5-16.el4_8.1.s390x.rpm x86_64: cpio-2.5-16.el4_8.1.x86_64.rpm cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: cpio-2.5-16.el4_8.1.i386.rpm cpio-debuginfo-2.5-16.el4_8.1.i386.rpm x86_64: cpio-2.5-16.el4_8.1.x86_64.rpm cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: cpio-2.5-16.el4_8.1.i386.rpm cpio-debuginfo-2.5-16.el4_8.1.i386.rpm ia64: cpio-2.5-16.el4_8.1.ia64.rpm cpio-debuginfo-2.5-16.el4_8.1.ia64.rpm x86_64: cpio-2.5-16.el4_8.1.x86_64.rpm cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: cpio-2.5-16.el4_8.1.i386.rpm cpio-debuginfo-2.5-16.el4_8.1.i386.rpm ia64: cpio-2.5-16.el4_8.1.ia64.rpm cpio-debuginfo-2.5-16.el4_8.1.ia64.rpm x86_64: cpio-2.5-16.el4_8.1.x86_64.rpm cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-0624 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. . A revised cpio package addresses a significant security vulnerability on Red Hat Enterprise Linux 4. Discover further details about this update.. cpio Update, Red Hat Advisory, Security Patch, Linux EnterpriseFix. . LinuxSecurity.com Team
Mar 15, 2010
Red Hat
200
security advisorybuffer overflowlocal exploitScientific Linux: 2007-05-01 Low Severity cpio Buffer Overflow Exploit
Low: cpio security and bug fix update. Date: Wed, 9 May 2007 15:10:27 -0500 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: Security ERRATA for SL4 cpio on i386/x86_64 Comments: To: scientific Synopsis: Low: cpio security and bug fix update Issue date: 2007-05-01 CVE Names: CVE-2005-4268 A buffer overflow was found in cpio on 64-bit platforms. By tricking a user into adding a specially crafted large file to a cpio archive, a local attacker may be able to exploit this flaw to execute arbitrary code with the target user's privileges. (CVE-2005-4268) SRPMS: cpio-2.5-13.RHEL4.src.rpm i386: cpio-2.5-13.RHEL4.i386.rpm x86_64: cpio-2.5-13.RHEL4.x86_64.rpm -Connie Sieh -Troy Dawson . Explore the latest security update for Scientific Linux related to cpio, addressing a buffer overflow vulnerability to strengthen system security against threats. Scientific Linux Security, cpio Update, Buffer Overflow Fix, Linux Security Advisory. . Severity: Low. LinuxSecurity.com Team
May 09, 2007
•Low
Scientific Linux
98
security advisoryred hatlow severityRed Hat: RHSA-2005:073-01 Low: Cpio Umask Security Issue
An updated cpio package that fixes a umask bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Low: cpio security update Advisory ID: RHSA-2005:073-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:073.html Issue date: 2005-02-15 Updated on: 2005-02-15 Product: Red Hat Enterprise Linux CVE Names: CAN-1999-1572 - ---------------------------------------------------------------------1. Summary: An updated cpio package that fixes a umask bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: GNU cpio copies files into or out of a cpio or tar archive. It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user's umask setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-1999-1572 to this issue. Users of cpio should upgrade to this updated package, which resolves this issue. Red Hat would like to thank Mike O'Connor for bringing this issue to our attention. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the followingcommand: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 145725 - CAN-1999-1572 cpio insecure file creation 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: f81762b300053347ae0a624a459c60eb cpio-2.5-7.EL4.1.src.rpm i386: 3d34cc1565e00928cd59b33b3cc25bec cpio-2.5-7.EL4.1.i386.rpm ia64: c51a21e61349908197e629af8c86e619 cpio-2.5-7.EL4.1.ia64.rpm ppc: 38e0e1b27dd0175e38ff67fceaf36ab9 cpio-2.5-7.EL4.1.ppc.rpm s390: dd7b191ed868f845fd1d74646a6ec3f8 cpio-2.5-7.EL4.1.s390.rpm s390x: 21f6e67def41f73d71bfdfed5174b7a9 cpio-2.5-7.EL4.1.s390x.rpm x86_64: 6e75a65c6f877fc4d7603f749642aabc cpio-2.5-7.EL4.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: f81762b300053347ae0a624a459c60eb cpio-2.5-7.EL4.1.src.rpm i386: 3d34cc1565e00928cd59b33b3cc25bec cpio-2.5-7.EL4.1.i386.rpm x86_64: 6e75a65c6f877fc4d7603f749642aabc cpio-2.5-7.EL4.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: f81762b300053347ae0a624a459c60eb cpio-2.5-7.EL4.1.src.rpm i386: 3d34cc1565e00928cd59b33b3cc25bec cpio-2.5-7.EL4.1.i386.rpm ia64: c51a21e61349908197e629af8c86e619 cpio-2.5-7.EL4.1.ia64.rpm x86_64: 6e75a65c6f877fc4d7603f749642aabc cpio-2.5-7.EL4.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: f81762b300053347ae0a624a459c60eb cpio-2.5-7.EL4.1.src.rpm i386: 3d34cc1565e00928cd59b33b3cc25bec cpio-2.5-7.EL4.1.i386.rpm ia64: c51a21e61349908197e629af8c86e619 cpio-2.5-7.EL4.1.ia64.rpm x86_64: 6e75a65c6f877fc4d7603f749642aabc cpio-2.5-7.EL4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://www.cve.org/CVERecord?id=CAN-1999-1572 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. . The advisory from Red Hat, titled RHSA-2005:074-01, outlines a minor patch for tar addressing a permissions flaw in secure data compression.. Red Hat Advisory, Cpio Package, Umask Problem, Linux Patch, Security Update. . Severity: Low. LinuxSecurity.com Team
Feb 15, 2005
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!