You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa GNU cpio

Sigurnosni nedostatak programskog paketa GNU cpio

by - 0

==========================================================================
Ubuntu Security Notice USN-4176-1
November 06, 2019

cpio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

GNU cpio could be made to expose sensitive information if it received
a specially crafted input.

Software Description:
– cpio: a tool to manage archives of files

Details:

Thomas Habets discovered that GNU cpio incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
cpio 2.12+dfsg-9ubuntu0.1

Ubuntu 19.04:
cpio 2.12+dfsg-6ubuntu0.19.04.1

Ubuntu 18.04 LTS:
cpio 2.12+dfsg-6ubuntu0.18.04.1

Ubuntu 16.04 LTS:
cpio 2.11+dfsg-5ubuntu1.1

Ubuntu 14.04 ESM:
cpio 2.11+dfsg-1ubuntu1.2+esm1

Ubuntu 12.04 ESM:
cpio 2.11-7ubuntu3.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4176-1
CVE-2019-14866

Package Information:
https://launchpad.net/ubuntu/+source/cpio/2.12+dfsg-9ubuntu0.1
https://launchpad.net/ubuntu/+source/cpio/2.12+dfsg-6ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/cpio/2.12+dfsg-6ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/cpio/2.11+dfsg-5ubuntu1.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdwwecAAoJEEW851uECx9pgckQALDH6TSF3MOjFeEgM6dfGI/X
e6rS/WXA8nNmWSR2bWLPUmi5HrIGssUcQVmr1QMLsn7nz751uSpZyBFd6w6rmyPZ
yruCkF9tqCyOBUtI+NoWEk46wIMOxHEBHELP7jfMpGq5FUiwSiklvNe7KtynnjQq
jBDpr7NPJ1yPJcHlj6jy5RwX/GrZsNBMAhfBjPiOiF1lt95d0pEr67bg8Xq/CMiR
j/6Qat45shQ78JXzWH5ORp0NvQACvdm7GCRUYF+J4DRoZxNJQ/2sMGMipfLKTXhb
+eHyninWhgfc6Wtryc7csVQN/U7Y9rxeuXsiR/udXGjS/0UK5NyIaBdd9WPO2kL5
za7kkbRhTuDBuVNKm4A3j3OK8fWHXZOg/zevGmtS/9otXbF73U2a9ZVk6PZQl0z2
QrfatRo/GIZncaARfuNSVGi4JvEkAl4/IcUxTlEA8co563YQlg1yYs+G4ifBZMOv
Wk9XM9sJMMv9uIoVj18JZDfRl/0yaODUqkHWtHsLUcdY1dVRY+0ek+IgYk57pZpa
pLh4oliPazvez0qM7Ii9+najdF2nPUQZANrdUbezEa68BI0XPcfF41S+llOftyi3
01DUoskFIYXIJ+LshNito2RbiWb9BR1N03HJ1ol4OvLQFUfX3oJSCFfADPK0LWim
ObQ7eAD56q3+5qHM77cV
=4PGl
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa thunderbird

Otkriveni su sigurnosni nedostaci u programskom paketu thunderbird za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS...

Close