Source | Text Version

QSN-4176-1: cpio vulnerability

November 6, 2019

Summary

GNU cpio could be made to expose sensitive information if it received a specially crafted input.

Details

Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.

References

https://usn.ubuntu.com/4176-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l cpio

If the current version you have is before 2.11+dfsg-5ubuntu1.1, run the following:

$ sudo apt-get update
$ sudo apt-get install cpio

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.