openSUSE Security Update : cpio (openSUSE-2017-209)
Medium Nessus Plugin ID 97006
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for cpio fixes two issues.
This security issue was fixed :
- CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448).
This non-security issue was fixed :
- bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected cpio packages.