========================================================================== Ubuntu Security Notice USN-4176-1 November 06, 2019
cpio vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: GNU cpio could be made to expose sensitive information if it received a specially crafted input. Software Description: - cpio: a tool to manage archives of files Details: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: cpio 2.12+dfsg-9ubuntu0.1 Ubuntu 19.04: cpio 2.12+dfsg-6ubuntu0.19.04.1 Ubuntu 18.04 LTS: cpio 2.12+dfsg-6ubuntu0.18.04.1 Ubuntu 16.04 LTS: cpio 2.11+dfsg-5ubuntu1.1 Ubuntu 14.04 ESM: cpio 2.11+dfsg-1ubuntu1.2+esm1 Ubuntu 12.04 ESM: cpio 2.11-7ubuntu3.3 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4176-1 CVE-2019-14866 Package Information: https://launchpad.net/ubuntu/+source/cpio/2.12+dfsg-9ubuntu0.1 https://launchpad.net/ubuntu/+source/cpio/2.12+dfsg-6ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/cpio/2.12+dfsg-6ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/cpio/2.11+dfsg-5ubuntu1.1
signature.asc
Description: PGP signature
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
