UbuntuUpdates.org

Package "cpio"

Name: cpio

Description:

GNU cpio -- a program to manage archives of files
Latest version: 2.11+dfsg-1ubuntu1.2
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://www.gnu.org/software/cpio/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cpio"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "cpio" in Trusty

Repository Area Version
base main 2.11+dfsg-1ubuntu1
security main 2.11+dfsg-1ubuntu1.2

Changelog

Version: 2.11+dfsg-1ubuntu1.2 2016-02-22 21:07:01 UTC

  cpio (2.11+dfsg-1ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: file overwrite via symlink attack
    - debian/patches/CVE-2015-1197.patch: don't write files over symlinks
      unless --extract-over-symlinks is used in doc/cpio.1, src/copyin.c,
      src/extern.h, src/global.c, src/main.c.
    - CVE-2015-1197
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2016-2037.patch: make sure there is at least two
      bytes available in src/copyin.c, added comment to src/util.c.
    - CVE-2016-2037
  * debian/patches/fix-symlink-test.patch: fix date-sensitive test.

 -- Marc Deslauriers <email address hidden> Thu, 18 Feb 2016 09:15:43 -0500
Source diff to previous version
CVE-2015-1197 cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive
CVE-2016-2037 out-of-bounds write with cpio 2.11

Version: 2.11+dfsg-1ubuntu1.1 2015-01-08 21:06:32 UTC

  cpio (2.11+dfsg-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: out of bounds write and other range issues
    - debian/patches/cpio-CVE-2014-9112.patch
    - debian/patches/cpio-CVE-2014-9112-testsuite.patch: regenerate
      testsuite to incorporate tests from previous patch
    - CVE-2014-9112
 -- Steve Beattie <email address hidden> Wed, 07 Jan 2015 11:31:48 -0800
CVE-2014-9112 Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block va


About   -   Send Feedback to @ubuntu_updates