Download
| Alert*
oval:org.secpod.oval:def:52709
cpio: a tool to manage archives of files Several security issues were fixed in GNU cpio. oval:org.secpod.oval:def:602382 Gustavo Grieco discovered an out-of-bounds write vulnerability in cpio, a tool for creating and extracting cpio archive files, leading to a denial of service . oval:org.secpod.oval:def:601886 cpio is installed oval:org.secpod.oval:def:201707 GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges ... oval:org.secpod.oval:def:500382 GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges ... oval:org.secpod.oval:def:201774 GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges ... oval:org.secpod.oval:def:52149 cpio: a program to manage archives of files The GNU cpio program could be made to crash or run programs if it opened a specially crafted file or received specially crafted input. oval:org.secpod.oval:def:108261 GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio ... oval:org.secpod.oval:def:108163 GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio ... oval:org.secpod.oval:def:501709 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. A heap-based buffer overflow flaw was found in cpio"s list_file function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash c ... oval:org.secpod.oval:def:1501249 The remote host is missing a patch containing a security fix, which affects the following package(s): cpio oval:org.secpod.oval:def:203122 cpio is installed oval:org.secpod.oval:def:89044911 This update for cpio fixes two issues. This security issue was fixed: - CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service via a crafted cpio file . This non-security issue was fixed: - bsc#1020108: Always use 32 bit CRC to pre ... oval:org.secpod.oval:def:702988 cpio: a tool to manage archives of files Several security issues were fixed in GNU cpio. oval:org.secpod.oval:def:702353 cpio: a program to manage archives of files The GNU cpio program could be made to crash or run programs if it opened a specially crafted file or received specially crafted input. oval:org.secpod.oval:def:204221 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. A heap-based buffer overflow flaw was found in cpio"s list_file function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash c ... oval:org.secpod.oval:def:86360 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file For more details about the security issue, ... oval:org.secpod.oval:def:89045540 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] oval:org.secpod.oval:def:89045555 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] oval:org.secpod.oval:def:19500154 GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untr ... oval:org.secpod.oval:def:89003276 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct function which could have led to unexpected TAR generation . oval:org.secpod.oval:def:4500886 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file For more details about the security issue, ... oval:org.secpod.oval:def:89047225 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow UPDATE: This update was buggy and could lead to hangs, so it has been retracted. There will be a follow up update. oval:org.secpod.oval:def:1701200 GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untr ... oval:org.secpod.oval:def:75936 cpio: a tool to manage archives of files GNU cpio could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1505647 [2.12-11] - Fixed CVE-2021-38185 oval:org.secpod.oval:def:89050544 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct function which could have led to unexpected TAR generation . oval:org.secpod.oval:def:4501382 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpected tar generation For more details about the security issue, including the ... oval:org.secpod.oval:def:205622 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpect tar generation For more details about the security issue, including the i ... oval:org.secpod.oval:def:59617 cpio: a tool to manage archives of files GNU cpio could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:1504921 [2.12-10] - Fixed improper input validation when writing tar header fields [2.12-9] - Extract: retain times for symlinks oval:org.secpod.oval:def:2500414 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. oval:org.secpod.oval:def:73578 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: improper input validation when writing tar header fields leads to unexpected tar generation For more details about the security issue, including the ... oval:org.secpod.oval:def:33076 cpio: a tool to manage archives of files Several security issues were fixed in GNU cpio. oval:org.secpod.oval:def:52167 cpio: a tool to manage archives of files Several security issues were fixed in GNU cpio. oval:org.secpod.oval:def:3302213 Security update for cpio oval:org.secpod.oval:def:1702172 cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive oval:org.secpod.oval:def:3302315 Security update for cpio oval:org.secpod.oval:def:89051413 This update for cpio fixes the following issues: * CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction . oval:org.secpod.oval:def:89051410 This update for cpio fixes the following issues: * CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction . oval:org.secpod.oval:def:89051431 This update for cpio fixes the following issues: * Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 oval:org.secpod.oval:def:89051625 This update for cpio fixes the following issues: * CVE-2023-7207: Fixed path traversal vulnerability oval:org.secpod.oval:def:89051632 This update for cpio fixes the following issues: * Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 |