Download
| Alert*
|
oval:org.secpod.oval:def:89003276
This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct function which could have led to unexpected TAR generation . oval:org.secpod.oval:def:506134 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpected tar generation For more details about the security issue, including the ... oval:org.secpod.oval:def:89050544 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct function which could have led to unexpected TAR generation . oval:org.secpod.oval:def:4501382 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpected tar generation For more details about the security issue, including the ... oval:org.secpod.oval:def:705266 cpio: a tool to manage archives of files GNU cpio could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:73578 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpected tar generation For more details about the security issue, including the ... oval:org.secpod.oval:def:205622 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpect tar generation For more details about the security issue, including the i ... oval:org.secpod.oval:def:504307 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpect tar generation For more details about the security issue, including the i ... oval:org.secpod.oval:def:1700428 It was discovered cpio does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracti ... oval:org.secpod.oval:def:59617 cpio: a tool to manage archives of files GNU cpio could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:2500414 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. oval:org.secpod.oval:def:1504921 [2.12-10] - Fixed improper input validation when writing tar header fields [2.12-9] - Extract: retain times for symlinks oval:org.secpod.oval:def:1504358 [2.11-28] - Improper input validation when writing tar header fields |
