USN-5064-2: GNU cpio vulnerability

🗓️ 27 Jan 2022 17:25:42Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 101 Views

Ubuntu 16.04 ESM cpio vulnerability fix

Reporter	Title	Published	Views	Family All 137
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93	14 Mar 202220:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities	25 Oct 202215:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by arbitrary code executiondue to GNU cpio (CVE-2021-38185)	1 Aug 202210:01	–	ibm
Tenable Nessus	Amazon Linux 2022 : cpio (ALAS2022-2023-263)	25 Jan 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : cpio (ALAS2023-2023-021)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : cpio (ALAS-2023-1972)	7 Mar 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0211: cpio (ALINUX3-SA-2022:0211)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : cpio (ALSA-2022:1991)	12 May 202200:00	–	nessus
Tenable Nessus	CentOS 8 : cpio (CESA-2022:1991)	10 May 202200:00	–	nessus
Tenable Nessus	CentOS 9 : cpio-2.13-16.el9	29 Feb 202400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	16.04	any	cpio	2.11+dfsg-5ubuntu1.1+esm1	cpio_2.11+dfsg-5ubuntu1.1+esm1_any.deb

27 Jan 2022 17:25Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 3.17.8

EPSS0.26333

SSVC

gnu cpio ubuntu 16.04 esm pattern files denial of service arbitrary code vulnerability update