Thursday, January 27, 2022

[USN-5064-2] GNU cpio vulnerability

==========================================================================
Ubuntu Security Notice USN-5064-2
January 27, 2022

cpio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

GNU cpio could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- cpio: a tool to manage archives of files

Details:

USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides
the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled
certain pattern files. A remote attacker could use this issue to cause cpio
to crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
cpio 2.11+dfsg-5ubuntu1.1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5064-2
https://ubuntu.com/security/notices/USN-5064-1
CVE-2021-38185
