Download
| Alert*
oval:org.secpod.oval:def:86360
The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file For more details about the security issue, ... oval:org.secpod.oval:def:506861 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file For more details about the security issue, ... oval:org.secpod.oval:def:89045525 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow oval:org.secpod.oval:def:89045502 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow oval:org.secpod.oval:def:89045523 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow UPDATE: This update was buggy and could lead to hangs, so it has been retracted. There will be a follow up update. oval:org.secpod.oval:def:89045555 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] oval:org.secpod.oval:def:89045540 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] oval:org.secpod.oval:def:19500154 GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untr ... oval:org.secpod.oval:def:75936 cpio: a tool to manage archives of files GNU cpio could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:4500886 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file For more details about the security issue, ... oval:org.secpod.oval:def:89047225 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow UPDATE: This update was buggy and could lead to hangs, so it has been retracted. There will be a follow up update. oval:org.secpod.oval:def:1505647 [2.12-11] - Fixed CVE-2021-38185 oval:org.secpod.oval:def:2500754 The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. oval:org.secpod.oval:def:706129 cpio: a tool to manage archives of files GNU cpio could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1701200 GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untr ... |