USN-5064-2: GNU cpio vulnerability
27 January 2022
GNU cpio could be made to crash or run programs if it opened a specially crafted file.
- cpio - a tool to manage archives of files
USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides
the corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled
certain pattern files. A remote attacker could use this issue to cause cpio
to crash, resulting in a denial of service, or possibly execute arbitrary