Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2019-14866

It was discovered cpio does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. (CVE-2019-14866)

Source

ALAS2-2020-1505

Amazon Linux 2 Security Advisory: ALAS-2020-1505
Advisory Release Date: 2020-10-22 17:22 Pacific
Advisory Updated Date: 2020-10-22 22:39 Pacific

Severity: Medium

References: CVE-2019-14866

Issue Overview:

It was discovered cpio does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. (CVE-2019-14866)

Affected Packages:

cpio

Issue Correction:
Run yum update cpio to update your system.

New Packages:

aarch64:
    cpio-2.11-28.amzn2.aarch64
    cpio-debuginfo-2.11-28.amzn2.aarch64

i686:
    cpio-2.11-28.amzn2.i686
    cpio-debuginfo-2.11-28.amzn2.i686

src:
    cpio-2.11-28.amzn2.src

x86_64:
    cpio-2.11-28.amzn2.x86_64
    cpio-debuginfo-2.11-28.amzn2.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2020-1505

ALAS2-2020-1505

Vulmon Search

About

Products

Connect