cpio-2.12-3.90 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10143 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cpio-2.12-3.90 on GA media These are all security issues fixed in the cpio-2.12-3.90 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10143 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10143 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-0624/ SUSE CVE CVE-2010-0624 page https://www.suse.com/security/cve/CVE-2014-9112/ SUSE CVE CVE-2014-9112 page https://www.suse.com/security/cve/CVE-2016-2037/ SUSE CVE CVE-2016-2037 page openSUSE Tumbleweed cpio-2.12-3.90 cpio-lang-2.12-3.90 cpio-2.12-3.90 as a component of openSUSE Tumbleweed cpio-lang-2.12-3.90 as a component of openSUSE Tumbleweed Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. CVE-2010-0624 openSUSE Tumbleweed:cpio-2.12-3.90 openSUSE Tumbleweed:cpio-lang-2.12-3.90 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0624.html CVE-2010-0624 https://bugzilla.suse.com/579475 SUSE Bug 579475 https://bugzilla.suse.com/608034 SUSE Bug 608034 Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. CVE-2014-9112 openSUSE Tumbleweed:cpio-2.12-3.90 openSUSE Tumbleweed:cpio-lang-2.12-3.90 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9112.html CVE-2014-9112 https://bugzilla.suse.com/907456 SUSE Bug 907456 https://bugzilla.suse.com/913479 SUSE Bug 913479 The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. CVE-2016-2037 openSUSE Tumbleweed:cpio-2.12-3.90 openSUSE Tumbleweed:cpio-lang-2.12-3.90 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2037.html CVE-2016-2037 https://bugzilla.suse.com/1028410 SUSE Bug 1028410 https://bugzilla.suse.com/963448 SUSE Bug 963448