Red Hat Product Errata RHSA-2020:3908 - Security Advisory

Issued:: 2020-09-29
Updated:: 2020-09-29

RHSA-2020:3908 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: cpio security update

Type/Severity

Security Advisory: Moderate

Topic

An update for cpio is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.

Security Fix(es):

cpio: improper input validation when writing tar header fields leads to unexpect tar generation (CVE-2019-14866)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1765511 - CVE-2019-14866 cpio: improper input validation when writing tar header fields leads to unexpect tar generation

CVEs

CVE-2019-14866

References

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
cpio-2.11-28.el7.src.rpm	SHA-256: d71c1b91c2bc1e11777beff338088eac59c0a2b022ee1ca5b3c5d8ed74d3e3d0
x86_64
cpio-2.11-28.el7.x86_64.rpm	SHA-256: ee9f7e005742702d8e10aa62f1c11683bde53e26adc170d038a7a2014119b72b
cpio-debuginfo-2.11-28.el7.x86_64.rpm	SHA-256: 4812e71fe2e830427ed23c238f0c59d356ffaefbe0434ba4b40db85923e98df1

Red Hat Enterprise Linux Workstation 7

SRPM
cpio-2.11-28.el7.src.rpm	SHA-256: d71c1b91c2bc1e11777beff338088eac59c0a2b022ee1ca5b3c5d8ed74d3e3d0
x86_64
cpio-2.11-28.el7.x86_64.rpm	SHA-256: ee9f7e005742702d8e10aa62f1c11683bde53e26adc170d038a7a2014119b72b
cpio-debuginfo-2.11-28.el7.x86_64.rpm	SHA-256: 4812e71fe2e830427ed23c238f0c59d356ffaefbe0434ba4b40db85923e98df1

Red Hat Enterprise Linux Desktop 7

SRPM
cpio-2.11-28.el7.src.rpm	SHA-256: d71c1b91c2bc1e11777beff338088eac59c0a2b022ee1ca5b3c5d8ed74d3e3d0
x86_64
cpio-2.11-28.el7.x86_64.rpm	SHA-256: ee9f7e005742702d8e10aa62f1c11683bde53e26adc170d038a7a2014119b72b
cpio-debuginfo-2.11-28.el7.x86_64.rpm	SHA-256: 4812e71fe2e830427ed23c238f0c59d356ffaefbe0434ba4b40db85923e98df1

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
cpio-2.11-28.el7.src.rpm	SHA-256: d71c1b91c2bc1e11777beff338088eac59c0a2b022ee1ca5b3c5d8ed74d3e3d0
s390x
cpio-2.11-28.el7.s390x.rpm	SHA-256: bac1ac8cf490f9a8c1b0ae37ddcafacaed653f3177d4885ecd19c7ca42c95cad
cpio-debuginfo-2.11-28.el7.s390x.rpm	SHA-256: e0488e914a23023caf2f845934823c173834edf72f41d3290e265a8c57b90db2

Red Hat Enterprise Linux for Power, big endian 7

SRPM
cpio-2.11-28.el7.src.rpm	SHA-256: d71c1b91c2bc1e11777beff338088eac59c0a2b022ee1ca5b3c5d8ed74d3e3d0
ppc64
cpio-2.11-28.el7.ppc64.rpm	SHA-256: ccae9c866c9bab3466ca2fd1b0a7542705e92c123631649962d7fe8a4334802c
cpio-debuginfo-2.11-28.el7.ppc64.rpm	SHA-256: a865411208ec2c94e885accecd229a0e4a320942816fcd2547f9c80704874812

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
cpio-2.11-28.el7.src.rpm	SHA-256: d71c1b91c2bc1e11777beff338088eac59c0a2b022ee1ca5b3c5d8ed74d3e3d0
x86_64
cpio-2.11-28.el7.x86_64.rpm	SHA-256: ee9f7e005742702d8e10aa62f1c11683bde53e26adc170d038a7a2014119b72b
cpio-debuginfo-2.11-28.el7.x86_64.rpm	SHA-256: 4812e71fe2e830427ed23c238f0c59d356ffaefbe0434ba4b40db85923e98df1

Red Hat Enterprise Linux for Power, little endian 7

SRPM
cpio-2.11-28.el7.src.rpm	SHA-256: d71c1b91c2bc1e11777beff338088eac59c0a2b022ee1ca5b3c5d8ed74d3e3d0
ppc64le
cpio-2.11-28.el7.ppc64le.rpm	SHA-256: 94966ec8c4e116e37e00c52210625214c910886ed2fb5a0d0db47c21a7cf11d5
cpio-debuginfo-2.11-28.el7.ppc64le.rpm	SHA-256: 641b322171d34492f00fe96d8da36ecb98cfd4aa297f62071c09703103d326a7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories