Two vulnerabilities have been found in GNU cpio, the worst of which could result in execution of arbitrary code.
Package | app-arch/cpio on all architectures |
---|---|
Affected versions | < 2.11-r3 |
Unaffected versions | >= 2.11-r3 |
GNU cpio copies files into or out of a cpio or tar archive.
Two vulnerabilities have been discovered in GNU cpio:
A remote attacker may be able to entice a user to open a specially crafted archive using GNU cpio, possibly resulting in execution of arbitrary code, a Denial of Service condition, or overwriting arbitrary files.
There is no known workaround at this time.
All GNU cpio users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.11-r3"