- Vulnerability/
- USN-5064-3
USN-5064-3: GNU cpio vulnerability
First published: Thu Aug 03 2023(Updated: )
USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/cpio | <2.11+dfsg-1ubuntu1.2+esm2 | 2.11+dfsg-1ubuntu1.2+esm2 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of USN-5064-3?
The vulnerability ID of USN-5064-3 is CVE-2021-38185.
What is the affected software for USN-5064-3?
The affected software for USN-5064-3 is cpio version 2.11+dfsg-1ubuntu1.2+esm2 on Ubuntu 14.04 LTS.
How does the vulnerability in USN-5064-3 impact cpio?
The vulnerability in USN-5064-3 allows a remote attacker to cause cpio to crash.
How can I fix the vulnerability in USN-5064-3?
To fix the vulnerability in USN-5064-3, you should update cpio to version 2.11+dfsg-1ubuntu1.2+esm2.
Where can I get more information about USN-5064-3?
You can get more information about USN-5064-3 at the following link: [USN-5064-3](https://ubuntu.com/security/notices/USN-5064-3)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-5064-1
- anchor-related/USN-5064-2
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/14.04