Advisories ยป MGASA-2021-0423

Updated cpio packages fix security vulnerability

Publication date: 23 Sep 2021
Modification date: 23 Sep 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-38185

Description

GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. (CVE-2021-38185).

References

SRPMS

8/core