Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3445-1:7A22D
HistoryJun 04, 2023 - 8:12 p.m.

[SECURITY] [DLA 3445-1] cpio security update

2023-06-0420:12:22
lists.debian.org
8
cpio
archives
cve-2019-14866
update
files
debian
cve-2021-38185
gnu
debian lts
buster
security update

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON

Debian LTS Advisory DLA-3445-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
June 04, 2023 https://wiki.debian.org/LTS

Package : cpio
Version : 2.12+dfsg-9+deb10u1
CVE ID : CVE-2019-14866 CVE-2021-38185
Debian Bug : 941412 992045

Two vulnerabilities were fixed in GNU cpio, a program to manage
archives of files.

CVE-2019-14866

Improper validation of input files when generatingtar archives.

CVE-2021-38185

Arbitrary code via crafted pattern file.

For Debian 10 buster, these problems have been fixed in version
2.12+dfsg-9+deb10u1.

We recommend that you upgrade your cpio packages.

For the detailed security status of cpio please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cpio

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11allcpio< 2.13+dfsg-7.1~deb11u1cpio_2.13+dfsg-7.1~deb11u1_all.deb
Debian11mips64elcpio< 2.13+dfsg-7.1~deb11u1cpio_2.13+dfsg-7.1~deb11u1_mips64el.deb
Debian11ppc64elcpio< 2.13+dfsg-7.1~deb11u1cpio_2.13+dfsg-7.1~deb11u1_ppc64el.deb
Debian10allcpio-win32< 2.12+dfsg-9+deb10u1cpio-win32_2.12+dfsg-9+deb10u1_all.deb
Debian11i386cpio< 2.13+dfsg-7.1~deb11u1cpio_2.13+dfsg-7.1~deb11u1_i386.deb
Debian10i386cpio< 2.12+dfsg-9+deb10u1cpio_2.12+dfsg-9+deb10u1_i386.deb
Debian11armhfcpio< 2.13+dfsg-7.1~deb11u1cpio_2.13+dfsg-7.1~deb11u1_armhf.deb
Debian11allcpio-win32< 2.13+dfsg-7.1~deb11u1cpio-win32_2.13+dfsg-7.1~deb11u1_all.deb
Debian10allcpio< 2.12+dfsg-9+deb10u1cpio_2.12+dfsg-9+deb10u1_all.deb
Debian11mipselcpio< 2.13+dfsg-7.1~deb11u1cpio_2.13+dfsg-7.1~deb11u1_mipsel.deb
Rows per page:
1-10 of 171

Related

openvas 37
nessus 72
osv 9
ubuntu 4
centos 1
ubuntucve 2
veracode 2
alpinelinux 2
suse 3
amazon 2
oraclelinux 3
cve 2
redhat 16
rocky 2
almalinux 2
redhatcve 2
githubexploit 1
mageia 2
cbl_mariner 2
debiancve 2
cvelist 2
debian 1
ibm 7
prion 2
cloudfoundry 2
nvd 2
photon 14
freebsd 1
openvas
openvas
Debian: Security Advisory (DLA-3445-1)
2023-06-05 00:00:00
openSUSE: Security Advisory for cpio (openSUSE-SU-2019:2593-1)
2019-12-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3059-1)
2021-06-09 00:00:00
nessus
nessus
Debian DLA-3445-1 : cpio - LTS security update
2023-06-05 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : GNU cpio vulnerability (USN-4176-1)
2019-11-07 00:00:00
SUSE SLED15 / SLES15 Security Update : cpio (SUSE-SU-2019:3059-1)
2019-11-26 00:00:00
osv
osv
cpio - security update
2023-06-04 00:00:00
Moderate: cpio security update
2021-05-18 05:34:34
cpio vulnerability
2021-09-08 11:14:41
ubuntu
ubuntu
GNU cpio vulnerability
2019-11-06 00:00:00
GNU cpio vulnerability
2021-09-08 00:00:00
GNU cpio vulnerability
2022-01-27 00:00:00
centos
centos
cpio security update
2020-10-20 17:51:14
ubuntucve
ubuntucve
CVE-2019-14866
2019-11-02 00:00:00
CVE-2021-38185
2021-08-08 00:00:00
veracode
veracode
Arbitrary File Rewrite
2020-10-01 03:53:30
Remote Code Execution (RCE)
2021-08-12 14:00:18
alpinelinux
alpinelinux
CVE-2019-14866
2020-01-07 17:15:11
CVE-2021-38185
2021-08-08 00:15:07
suse
suse
Security update for cpio (moderate)
2019-11-30 00:00:00
Security update for cpio (moderate)
2019-11-30 00:00:00
Security update for cpio (important)
2021-08-16 00:00:00
amazon
amazon
Medium: cpio
2020-10-22 17:22:00
Medium: cpio
2023-03-02 22:35:00
oraclelinux
oraclelinux
cpio security update
2020-10-06 00:00:00
cpio security update
2021-05-25 00:00:00
cpio security update
2022-05-17 00:00:00
cve
cve
CVE-2019-14866
2020-01-07 17:15:11
CVE-2021-38185
2021-08-08 00:15:07
redhat
redhat
(RHSA-2022:0073) Moderate: cpio security update
2022-01-11 09:07:49
(RHSA-2021:1582) Moderate: cpio security update
2021-05-18 05:34:34
(RHSA-2020:3908) Moderate: cpio security update
2020-09-29 07:42:42
rocky
rocky
cpio security update
2021-05-18 05:34:34
cpio security update
2022-05-10 06:43:49
almalinux
almalinux
Moderate: cpio security update
2021-05-18 05:34:34
Moderate: cpio security update
2022-05-10 06:43:49
redhatcve
redhatcve
CVE-2021-38185
2021-08-09 20:19:57
CVE-2019-14866
2019-10-25 13:51:42
githubexploit
githubexploit
Exploit for Integer Overflow or Wraparound in Gnu Cpio
2021-07-19 20:10:13
mageia
mageia
Updated cpio packages fix security vulnerability
2021-09-23 07:49:29
Updated cpio packages fix security vulnerabilities
2019-11-14 19:58:51
cbl_mariner
cbl_mariner
CVE-2021-38185 affecting package cpio for versions less than 2.13-4
2022-06-03 17:54:03
CVE-2021-38185 affecting package cpio 2.13-3
2021-09-13 03:23:36
debiancve
debiancve
CVE-2021-38185
2021-08-08 00:15:07
CVE-2019-14866
2020-01-07 17:15:11
cvelist
cvelist
CVE-2019-14866
2020-01-07 16:53:51
CVE-2021-38185
2021-08-07 00:00:00
debian
debian
[SECURITY] [DLA 1981-1] cpio security update
2019-11-05 18:06:14
ibm
ibm
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in GNU cpio (CVE-2019-14866)
2021-06-21 19:42:11
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by arbitrary code executiondue to GNU cpio (CVE-2021-38185)
2022-08-01 10:01:49
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
2022-10-25 15:02:36
prion
prion
Input validation
2020-01-07 17:15:00
Integer overflow
2021-08-08 00:15:00
cloudfoundry
cloudfoundry
USN-5064-1: GNU cpio vulnerability | Cloud Foundry
2021-10-04 00:00:00
USN-4176-1: GNU cpio vulnerability | Cloud Foundry
2019-11-18 00:00:00
nvd
nvd
CVE-2021-38185
2021-08-08 00:15:07
CVE-2019-14866
2020-01-07 17:15:11
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0267
2020-01-27 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0432
2021-09-04 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0388
2021-09-03 00:00:00
freebsd
freebsd
GNU cpio -- multiple vulnerabilities
2019-11-06 00:00:00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON
Related for DEBIAN:DLA-3445-1:7A22D
openvas37nessus72osv9ubuntu4centos1ubuntucve2veracode2alpinelinux2suse3amazon2oraclelinux3cve2redhat16rocky2almalinux2redhatcve2githubexploit1mageia2cbl_mariner2debiancve2cvelist2debian1ibm7prion2cloudfoundry2nvd2photon14freebsd1