RLSA-2022:1991 --- cpioID: oval:org.secpod.oval:def:4500886 | Date: (C)2023-04-03 (M)2023-06-16 |
Class: PATCH | Family: unix |
The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix: * cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.