Debian Security Advisory
DLA-3445-1 cpio -- LTS security update
- Date Reported: 04 Jun 2023
- Affected Packages:
- Security database references: In the Debian bugtracking system: Bug 941412, Bug 992045. In Mitre's CVE dictionary: CVE-2019-14866, CVE-2021-38185.
- More information:
Two vulnerabilities were fixed in GNU cpio, a program to manage archives of files.
Improper validation of input files when generating tar archives.
Arbitrary code execution via a crafted pattern file.
For Debian 10 buster, these problems have been fixed in version 2.12+dfsg-9+deb10u1.
We recommend that you upgrade your cpio packages.
For the detailed security status of cpio please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cpio
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS