USN-5064-3: GNU cpio vulnerability
3 August 2023
GNU cpio could be made to crash or run programs if it opened a specially crafted file.
- cpio - a tool to manage archives of files
USN-5064-1 fixed a vulnerability in GNU. This update provides
the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled
certain pattern files. A remote attacker could use this issue to cause cpio
to crash, resulting in a denial of service, or possibly execute arbitrary