Upstream information

CVE-2021-38185 at MITRE

Description

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
  SUSE
Base Score 8.8
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Access Vector Network
Access Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entries: 1189206 [RESOLVED / FIXED], 1189486 [NEW], 1192364 [NEW], 1193391 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Container bci/bci-init:15.3.7.1
Container bci/dotnet-aspnet:3.1
Container bci/dotnet-aspnet:5.0.14-2.3
Container bci/dotnet-aspnet:latest
Container bci/dotnet-runtime:3.1.22-19.3
Container bci/dotnet-runtime:5.0.13-17.3
Container bci/dotnet-runtime:latest
Container bci/dotnet-sdk:3.1.22-17.3
Container bci/dotnet-sdk:5.0.13-16.3
Container bci/dotnet-sdk:latest
Container bci/golang:1.16
Container bci/golang:1.17
Container bci/golang:latest
Container bci/node:12
Container bci/node:14
Container bci/nodejs:16-2.1
Container bci/openjdk-devel:11
Container bci/openjdk:latest
Container bci/python:3
Container bci/ruby:latest
Container caasp/v4/389-ds:1.4.2
Container caasp/v4/busybox:1.34.1
Container caasp/v4/caasp-dex:2.16.0
Container caasp/v4/cert-exporter:2.3.0
Container caasp/v4/cilium-etcd-operator:2.0.5
Container caasp/v4/cilium-init:1.5.3
Container caasp/v4/cilium-operator:1.6.6
Container caasp/v4/cilium:1.6.6
Container caasp/v4/cloud-provider-openstack:1.15.0
Container caasp/v4/configmap-reload:0.3.0
Container caasp/v4/coredns:1.6.7
Container caasp/v4/curl:7.60.0
Container caasp/v4/etcd:3.4.13
Container caasp/v4/gangway:3.1.0
Container caasp/v4/grafana:7.5.12
Container caasp/v4/helm-tiller:2.16.12
Container caasp/v4/hyperkube:v1.17.17
Container caasp/v4/k8s-sidecar:0.1.75
Container caasp/v4/kube-state-metrics:1.9.3
Container caasp/v4/kubernetes-client:1.17.17
Container caasp/v4/kucero:1.3.0
Container caasp/v4/kured:1.3.0
Container caasp/v4/metrics-server:0.3.6
Container caasp/v4/prometheus-alertmanager:0.16.2
Container caasp/v4/prometheus-node-exporter:1.1.2
Container caasp/v4/prometheus-pushgateway:0.6.0
Container caasp/v4/prometheus-server:2.7.1
Container caasp/v4/rsyslog:8.39.0
Container caasp/v4/skuba-tooling:0.1.0
Container caasp/v4/test-update:beta
Container caasp/v4/velero-plugin-for-aws:1.0.1
Container caasp/v4/velero-plugin-for-gcp:1.0.1
Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1
Container caasp/v4/velero-restic-restore-helper:1.3.1
Container caasp/v4/velero:1.3.1
Container ses/6/cephcsi/cephcsi:1.2.0.0.1.5.494
Container ses/6/rook/ceph:1.1.1.0.1.5.486
Container ses/7.1/ceph/grafana:sle15.3.pacific
Container ses/7.1/ceph/haproxy:2.0.14.2.2.10
Container ses/7.1/ceph/keepalived:2.0.19.2.2.10
Container ses/7.1/ceph/prometheus-alertmanager:sle15.3.pacific
Container ses/7.1/ceph/prometheus-node-exporter:sle15.3.pacific
Container ses/7.1/ceph/prometheus-server:sle15.3.pacific
Container ses/7.1/ceph/prometheus-snmp_notifier:sle15.3.pacific
Container ses/7.1/cephcsi/cephcsi:v3.5.1.0
Container ses/7.1/cephcsi/csi-attacher:v3.4.0-rev1-build2.2.9
Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0-rev1-build2.2.9
Container ses/7.1/cephcsi/csi-provisioner:v3.1.0-rev1-build2.2.9
Container ses/7.1/cephcsi/csi-resizer:v1.4.0-rev1-build2.2.9
Container ses/7.1/cephcsi/csi-snapshotter:v5.0.1-rev1-build2.2.9
Container ses/7.1/rook/ceph:1.8.6.0.3.2.5
Container ses/7/ceph/grafana:7.5.7.3.559
Container ses/7/ceph/prometheus-alertmanager:latest
Container ses/7/ceph/prometheus-node-exporter:latest
Container ses/7/ceph/prometheus-server:latest
Container ses/7/cephcsi/cephcsi:3.3.1.0.3.670
Container ses/7/cephcsi/csi-attacher:v3.3.0-rev1-build3.443
Container ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1-build3.517
Container ses/7/cephcsi/csi-node-driver-registrar:v2.3.0-rev1-build3.426
Container ses/7/cephcsi/csi-provisioner:v3.0.0-rev1-build3.415
Container ses/7/cephcsi/csi-resizer:v1.3.0-rev1-build3.412
Container ses/7/cephcsi/csi-snapshotter:v4.2.0-rev1-build3.409
Container ses/7/prometheus-webhook-snmp:1.4.1.315
Container ses/7/rook/ceph:1.7.7.0.1.1903
Container suse/pcp:latest
Container suse/rmt-mariadb-client:10.5-4.1
Container suse/rmt-mariadb:10.5-3.1
Container suse/rmt-nginx:1.19-3.1
Container suse/rmt-server:2.7-3.1
Container suse/sle-micro-rancher/5.2:latest
Container suse/sle-micro/5.1/toolbox:10.1-2.2.74
Container suse/sle-micro/5.2/toolbox:11.1-6.2.1
Container suse/sle15:15.0.4.22.441
Container suse/sle15:15.1.6.2.497
Container suse/sle15:15.2.9.5.8
Container suse/sle15:15.3.17.5.33
Container suse/sles/15.3/cdi-apiserver:1.37.1.8.5.1
Container suse/sles/15.3/cdi-cloner:1.37.1.8.5.1
Container suse/sles/15.3/cdi-controller:1.37.1.8.5.1
Container suse/sles/15.3/cdi-importer:1.37.1.8.5.1
Container suse/sles/15.3/cdi-operator:1.37.1.8.5.1
Container suse/sles/15.3/cdi-uploadproxy:1.37.1.8.5.1
Container suse/sles/15.3/cdi-uploadserver:1.37.1.8.5.1
Container suse/sles/15.3/libguestfs-tools:0.45.0.7.7.1
Container suse/sles/15.3/virt-api:0.45.0.8.5.1
Container suse/sles/15.3/virt-controller:0.45.0.8.5.1
Container suse/sles/15.3/virt-handler:0.45.0.8.7.1
Container suse/sles/15.3/virt-launcher:0.45.0.8.14.1
Container suse/sles/15.3/virt-operator:0.45.0.8.6.1
Container trento/trento-db:14.1-rev1.0.0-build2.2.1
Container trento/trento-runner:0.7.1-rev1.0.0-build2.2.1
Container trento/trento-web:0.7.1-rev1.0.0-build2.2.1
Image SLES15-Azure-BYOS
Image SLES15-EC2-CHOST-HVM-BYOS
Image SLES15-EC2-HVM-BYOS
Image SLES15-GCE-BYOS
Image SLES15-SAP-Azure
Image SLES15-SAP-Azure-BYOS
Image SLES15-SAP-Azure-LI-BYOS-Production
Image SLES15-SAP-Azure-VLI-BYOS-Production
Image SLES15-SAP-EC2-HVM
Image SLES15-SAP-EC2-HVM-BYOS
Image SLES15-SAP-GCE
Image SLES15-SAP-GCE-BYOS
Image SLES15-SP1-Azure-BYOS
Image SLES15-SP1-Azure-HPC-BYOS
Image SLES15-SP1-CHOST-BYOS-Azure
Image SLES15-SP1-CHOST-BYOS-EC2
Image SLES15-SP1-CHOST-BYOS-GCE
Image SLES15-SP1-EC2-HPC-HVM-BYOS
Image SLES15-SP1-EC2-HVM-BYOS
Image SLES15-SP1-GCE-BYOS
Image SLES15-SP1-SAP-Azure
Image SLES15-SP1-SAP-Azure-BYOS
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP1-SAP-EC2-HVM
Image SLES15-SP1-SAP-EC2-HVM-BYOS
Image SLES15-SP1-SAP-GCE
Image SLES15-SP1-SAP-GCE-BYOS
Image SLES15-SP1-SAPCAL-Azure
Image SLES15-SP1-SAPCAL-EC2-HVM
Image SLES15-SP1-SAPCAL-GCE
Image SLES15-SP2-BYOS-Azure
Image SLES15-SP2-BYOS-EC2-HVM
Image SLES15-SP2-BYOS-GCE
Image SLES15-SP2-CHOST-BYOS-Aliyun
Image SLES15-SP2-CHOST-BYOS-Azure
Image SLES15-SP2-CHOST-BYOS-EC2
Image SLES15-SP2-CHOST-BYOS-GCE
Image SLES15-SP2-CHOST-BYOS-OpenStack
Image SLES15-SP2-HPC-BYOS-Azure
Image SLES15-SP2-HPC-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
Image SLES15-SP2-SAP-Azure
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP2-SAP-BYOS-Azure
Image SLES15-SP2-SAP-BYOS-EC2-HVM
Image SLES15-SP2-SAP-BYOS-GCE
Image SLES15-SP2-SAP-EC2-HVM
Image SLES15-SP2-SAP-GCE
Image SLES15-SP3-Azure-Basic
Image SLES15-SP3-Azure-Standard
Image SLES15-SP3-BYOS-Azure
Image SLES15-SP3-BYOS-EC2-HVM
Image SLES15-SP3-BYOS-GCE
Image SLES15-SP3-BYOS-OCI
Image SLES15-SP3-CHOST-BYOS-Aliyun
Image SLES15-SP3-CHOST-BYOS-Azure
Image SLES15-SP3-CHOST-BYOS-EC2
Image SLES15-SP3-CHOST-BYOS-GCE
Image SLES15-SP3-EC2-ECS-HVM
Image SLES15-SP3-EC2-HVM
Image SLES15-SP3-GCE
Image SLES15-SP3-HPC-Azure
Image SLES15-SP3-HPC-BYOS-Azure
Image SLES15-SP3-HPC-BYOS-EC2-HVM
Image SLES15-SP3-HPC-BYOS-GCE
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
Image SLES15-SP3-Micro-5-1-BYOS-Azure
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
Image SLES15-SP3-Micro-5-1-BYOS-GCE
Image SLES15-SP3-Micro-5-2-BYOS-Azure
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
Image SLES15-SP3-Micro-5-2-BYOS-GCE
Image SLES15-SP3-Micro-BYOS-GCE
Image SLES15-SP3-SAP-Azure
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP3-SAP-BYOS-Azure
Image SLES15-SP3-SAP-BYOS-EC2-HVM
Image SLES15-SP3-SAP-BYOS-GCE
Image SLES15-SP3-SAP-BYOS-OCI
Image SLES15-SP3-SAP-EC2-HVM
Image SLES15-SP3-SAP-GCE
Image SLES15-SP3-SAPCAL-Azure
Image SLES15-SP3-SAPCAL-EC2-HVM
Image SLES15-SP3-SAPCAL-GCE
  • cpio >= 2.12-3.9.1
Container suse/sles12sp3:24.290
Container suse/sles12sp4:26.333
Container suse/sles12sp5:6.5.218
Image SLES12-SP4-Azure-BYOS
Image SLES12-SP4-EC2-HVM-BYOS
Image SLES12-SP4-GCE-BYOS
Image SLES12-SP4-SAP-Azure
Image SLES12-SP4-SAP-Azure-BYOS
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES12-SP4-SAP-EC2-HVM
Image SLES12-SP4-SAP-EC2-HVM-BYOS
Image SLES12-SP4-SAP-GCE
Image SLES12-SP4-SAP-GCE-BYOS
Image SLES12-SP5-Azure-BYOS
Image SLES12-SP5-Azure-Basic-On-Demand
Image SLES12-SP5-Azure-HPC-BYOS
Image SLES12-SP5-Azure-HPC-On-Demand
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-Azure-Standard-On-Demand
Image SLES12-SP5-EC2-BYOS
Image SLES12-SP5-EC2-ECS-On-Demand
Image SLES12-SP5-EC2-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-BYOS
Image SLES12-SP5-GCE-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-OCI-BYOS-BYOS
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
  • cpio >= 2.11-36.9.1
HPE Helion Openstack 8
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
HPE-Helion-OpenStack-8-2021-2686
HPE-Helion-OpenStack-8-2021-2779
HPE-Helion-OpenStack-8-2021-2808
SUSE CaaS Platform 4.0
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SUSE-CAASP-4.0-2021-2689
SUSE-SUSE-CAASP-4.0-2021-2780
SUSE Enterprise Storage 6
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-Storage-6-2021-2689
SUSE-Storage-6-2021-2780
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Module-Basesystem-15-SP2-2021-2689
SUSE-SLE-Module-Basesystem-15-SP2-2021-2780
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Module-Basesystem-15-SP3-2021-2689
SUSE-SLE-Module-Basesystem-15-SP3-2021-2780
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
  • cpio >= 2.13-150400.1.98
  • cpio-lang >= 2.13-150400.1.98
  • cpio-mt >= 2.13-150400.1.98
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 SP4 GA cpio-2.13-150400.1.98
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2689
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2780
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2689
SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2780
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-2021-2689
SUSE-SLE-Product-HPC-15-2021-2780
SUSE Linux Enterprise Micro 5.0
  • cpio >= 2.12-3.9.1
Patchnames:
SUSE-SUSE-MicroOS-5.0-2021-2689
SUSE-SUSE-MicroOS-5.0-2021-2780
SUSE Linux Enterprise Point of Sale 11 SP3
  • cpio >= 2.9-75.81.14.1
  • cpio-lang >= 2.9-75.81.14.1
Patchnames:
sleposp3-cpio-14777
sleposp3-cpio-14788
SUSE Linux Enterprise Server 11 SP4-LTSS
  • cpio >= 2.9-75.81.14.1
  • cpio-lang >= 2.9-75.81.14.1
Patchnames:
slessp4-cpio-14777
slessp4-cpio-14788
SUSE Linux Enterprise Server 12 SP2-BCL
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SERVER-12-SP2-BCL-2021-2686
SUSE-SLE-SERVER-12-SP2-BCL-2021-2779
SUSE-SLE-SERVER-12-SP2-BCL-2021-2808
SUSE Linux Enterprise Server 12 SP3-BCL
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-BCL-2021-2686
SUSE-SLE-SERVER-12-SP3-BCL-2021-2779
SUSE-SLE-SERVER-12-SP3-BCL-2021-2808
SUSE Linux Enterprise Server 12 SP3-ESPOS
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-ESPOS-2021-2686
SUSE-SLE-SERVER-12-SP3-ESPOS-2021-2779
SUSE-SLE-SERVER-12-SP3-ESPOS-2021-2808
SUSE Linux Enterprise Server 12 SP3-LTSS
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-2021-2686
SUSE-SLE-SERVER-12-SP3-2021-2779
SUSE-SLE-SERVER-12-SP3-2021-2808
SUSE Linux Enterprise Server 12 SP4-ESPOS
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SERVER-12-SP4-ESPOS-2021-2686
SUSE-SLE-SERVER-12-SP4-ESPOS-2021-2779
SUSE-SLE-SERVER-12-SP4-ESPOS-2021-2808
SUSE Linux Enterprise Server 12 SP4-LTSS
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SERVER-12-SP4-LTSS-2021-2686
SUSE-SLE-SERVER-12-SP4-LTSS-2021-2779
SUSE-SLE-SERVER-12-SP4-LTSS-2021-2808
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SERVER-12-SP5-2021-2686
SUSE-SLE-SERVER-12-SP5-2021-2779
SUSE-SLE-SERVER-12-SP5-2021-2808
SUSE Linux Enterprise Server 15 SP1-BCL
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2689
SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2780
SUSE Linux Enterprise Server 15 SP1-LTSS
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2689
SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2780
SUSE Linux Enterprise Server 15-LTSS
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-2021-2689
SUSE-SLE-Product-SLES-15-2021-2780
SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SAP-12-SP3-2021-2686
SUSE-SLE-SAP-12-SP3-2021-2779
SUSE-SLE-SAP-12-SP3-2021-2808
SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-SLE-SAP-12-SP4-2021-2686
SUSE-SLE-SAP-12-SP4-2021-2779
SUSE-SLE-SAP-12-SP4-2021-2808
SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2689
SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2780
SUSE Linux Enterprise Server for SAP Applications 15
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-2021-2689
SUSE-SLE-Product-SLES_SAP-15-2021-2780
SUSE Manager Proxy 4.0
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2689
SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2780
SUSE Manager Retail Branch Server 4.0
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2689
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2780
SUSE Manager Server 4.0
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2689
SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2780
SUSE OpenStack Cloud 8
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-OpenStack-Cloud-8-2021-2686
SUSE-OpenStack-Cloud-8-2021-2779
SUSE-OpenStack-Cloud-8-2021-2808
SUSE OpenStack Cloud 9
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-OpenStack-Cloud-9-2021-2686
SUSE-OpenStack-Cloud-9-2021-2779
SUSE-OpenStack-Cloud-9-2021-2808
SUSE OpenStack Cloud Crowbar 8
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-OpenStack-Cloud-Crowbar-8-2021-2686
SUSE-OpenStack-Cloud-Crowbar-8-2021-2779
SUSE-OpenStack-Cloud-Crowbar-8-2021-2808
SUSE OpenStack Cloud Crowbar 9
  • cpio >= 2.11-36.15.1
  • cpio-lang >= 2.11-36.15.1
Patchnames:
SUSE-OpenStack-Cloud-Crowbar-9-2021-2686
SUSE-OpenStack-Cloud-Crowbar-9-2021-2779
SUSE-OpenStack-Cloud-Crowbar-9-2021-2808
openSUSE Leap 15.2
  • cpio >= 2.12-lp152.5.5.1
  • cpio-lang >= 2.12-lp152.5.5.1
  • cpio-mt >= 2.12-lp152.5.5.1
Patchnames:
openSUSE-2021-1197
openSUSE Leap 15.3
  • cpio >= 2.12-3.9.1
  • cpio-lang >= 2.12-3.9.1
  • cpio-mt >= 2.12-3.9.1
Patchnames:
openSUSE-SLE-15.3-2021-2689
openSUSE-SLE-15.3-2021-2780
openSUSE Leap 15.4
  • cpio >= 2.13-150400.1.98
  • cpio-lang >= 2.13-150400.1.98
  • cpio-mt >= 2.13-150400.1.98
Patchnames:
openSUSE Leap 15.4 GA cpio-2.13-150400.1.98
openSUSE Tumbleweed
  • cpio >= 2.13-3.3
  • cpio-lang >= 2.13-3.3
  • cpio-mt >= 2.13-3.3
Patchnames:
openSUSE Tumbleweed GA cpio-2.13-3.3


First public cloud image revisions this CVE is fixed in:


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s) Source package State
HPE Helion OpenStack 8 cpio Released
SLES15-EC2-CHOST-HVM-BYOS cpio Released
SLES15-SP1-CHOST-BYOS-Ali cpio In progress
SLES15-SP1-CHOST-BYOS-Azure cpio Released
SLES15-SP1-CHOST-BYOS-EC2 cpio Released
SLES15-SP1-CHOST-BYOS-GCE cpio Released
SLES15-SP1-CHOST-BYOS-OpenStack cpio In progress
SLES15-SP2-CHOST-BYOS-Aliyun cpio Released
SLES15-SP2-CHOST-BYOS-Azure cpio Released
SLES15-SP2-CHOST-BYOS-EC2 cpio Released
SLES15-SP2-CHOST-BYOS-GCE cpio Released
SLES15-SP2-CHOST-BYOS-OpenStack cpio Released
SLES15-SP3-CHOST-BYOS-Aliyun cpio Released
SLES15-SP3-CHOST-BYOS-Azure cpio Released
SLES15-SP3-CHOST-BYOS-EC2 cpio Released
SLES15-SP3-CHOST-BYOS-GCE cpio Released
SLES15-SP4-CHOST-BYOS-Aliyun cpio Already fixed
SLES15-SP4-CHOST-BYOS-Azure cpio Already fixed
SLES15-SP4-CHOST-BYOS-EC2 cpio Already fixed
SLES15-SP4-CHOST-BYOS-GCE cpio Already fixed
SUSE CaaS Platform 4.0 cpio Released
SUSE Enterprise Storage 6 cpio Released
SUSE Linux Enterprise Desktop 15 SP2 cpio Released
SUSE Linux Enterprise Desktop 15 SP3 cpio Released
SUSE Linux Enterprise High Performance Computing 12 SP5 cpio Released
SUSE Linux Enterprise High Performance Computing 15 LTSS cpio Released
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS cpio Released
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS cpio Released
SUSE Linux Enterprise High Performance Computing 15 SP2 cpio Released
SUSE Linux Enterprise High Performance Computing 15 SP3 cpio Released
SUSE Linux Enterprise Micro 5.0 cpio Released
SUSE Linux Enterprise Module for Basesystem 15 SP2 cpio Released
SUSE Linux Enterprise Module for Basesystem 15 SP3 cpio Released
SUSE Linux Enterprise Point of Service 11 SP3 cpio Released
SUSE Linux Enterprise Server 11 SP4 LTSS cpio Released
SUSE Linux Enterprise Server 12 SP2 BCL cpio Released
SUSE Linux Enterprise Server 12 SP3 BCL cpio Released
SUSE Linux Enterprise Server 12 SP3 ESPOS cpio Released
SUSE Linux Enterprise Server 12 SP3 LTSS cpio Released
SUSE Linux Enterprise Server 12 SP4 ESPOS cpio Released
SUSE Linux Enterprise Server 12 SP4 LTSS cpio Released
SUSE Linux Enterprise Server 12 SP5 cpio Released
SUSE Linux Enterprise Server 15 ESPOS cpio Released
SUSE Linux Enterprise Server 15 LTSS cpio Released
SUSE Linux Enterprise Server 15 SP1 LTSS cpio Released
SUSE Linux Enterprise Server 15 SP2 cpio Released
SUSE Linux Enterprise Server 15 SP3 cpio Released
SUSE Linux Enterprise Server Business Critical Linux 15 SP1 cpio Released
SUSE Linux Enterprise Server for SAP Applications 12 SP3 cpio Released
SUSE Linux Enterprise Server for SAP Applications 12 SP4 cpio Released
SUSE Linux Enterprise Server for SAP Applications 12 SP5 cpio In progress
SUSE Linux Enterprise Server for SAP Applications 15 cpio Released
SUSE Linux Enterprise Server for SAP Applications 15 SP1 cpio Released
SUSE Linux Enterprise Server for SAP Applications 15 SP2 cpio Released
SUSE Linux Enterprise Server for SAP Applications 15 SP3 cpio Released
SUSE Linux Enterprise Storage 7 cpio Released
SUSE Linux Enterprise Storage 7.1 cpio Released
SUSE Manager Proxy 4.0 cpio Released
SUSE Manager Proxy 4.1 cpio Released
SUSE Manager Proxy 4.2 cpio Released
SUSE Manager Retail Branch Server 4.0 cpio Released
SUSE Manager Retail Branch Server 4.1 cpio Released
SUSE Manager Retail Branch Server 4.2 cpio Released
SUSE Manager Server 4.0 cpio Released
SUSE Manager Server 4.1 cpio Released
SUSE Manager Server 4.2 cpio Released
SUSE OpenStack Cloud 8 cpio Released
SUSE OpenStack Cloud 9 cpio Released
SUSE OpenStack Cloud Crowbar 8 cpio Released
SUSE OpenStack Cloud Crowbar 9 cpio Released
bci/bci-init
bci/dotnet-aspnet
bci/dotnet-aspnet:3.1
bci/dotnet-aspnet:5.0
bci/dotnet-runtime
bci/dotnet-runtime:3.1
bci/dotnet-runtime:5.0
bci/dotnet-sdk
bci/dotnet-sdk:3.1
bci/dotnet-sdk:5.0
bci/golang
bci/golang:1.16
bci/golang:1.17
bci/node:14
bci/nodejs
bci/openjdk
bci/openjdk-devel
bci/openjdk:17
bci/python
bci/python:3
bci/ruby
bci/rust
bci/rust:1.56
suse/389-ds
suse/manager/4.3/proxy-httpd
suse/manager/4.3/proxy-salt-broker
suse/manager/4.3/proxy-squid
suse/manager/4.3/proxy-ssh
suse/manager/4.3/proxy-tftpd
suse/postgres
suse/postgres:10
suse/postgres:12
suse/postgres:13
suse/rmt-mariadb-client:10.6
suse/rmt-mariadb:10.6
suse/rmt-nginx:1.21
suse/rmt-server:2.7
suse/sle15:15.4
suse/sles/15.4/cdi-apiserver:1.43.0
suse/sles/15.4/cdi-cloner:1.43.0
suse/sles/15.4/cdi-controller:1.43.0
suse/sles/15.4/cdi-importer:1.43.0
suse/sles/15.4/cdi-operator:1.43.0
suse/sles/15.4/cdi-uploadproxy:1.43.0
suse/sles/15.4/cdi-uploadserver:1.43.0
suse/sles/15.4/libguestfs-tools:0.49.0
suse/sles/15.4/virt-api:0.49.0
suse/sles/15.4/virt-controller:0.49.0
suse/sles/15.4/virt-handler:0.49.0
suse/sles/15.4/virt-launcher:0.49.0
suse/sles/15.4/virt-operator:0.49.0
cpioAlready fixed
bci/node:12
bci/openjdk-devel:11
ses/6/cephcsi/cephcsi
ses/6/rook/ceph
ses/7.1/ceph/grafana
ses/7.1/ceph/haproxy
ses/7.1/ceph/keepalived
ses/7.1/ceph/prometheus-alertmanager
ses/7.1/ceph/prometheus-node-exporter
ses/7.1/ceph/prometheus-server
ses/7.1/ceph/prometheus-snmp_notifier
ses/7.1/cephcsi/cephcsi
ses/7.1/cephcsi/csi-attacher:v3.4.0
ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0
ses/7.1/cephcsi/csi-provisioner:v3.1.0
ses/7.1/cephcsi/csi-resizer:v1.4.0
ses/7.1/cephcsi/csi-snapshotter:v5.0.1
ses/7.1/rook/ceph
ses/7/ceph/grafana
ses/7/ceph/prometheus-alertmanager
ses/7/ceph/prometheus-node-exporter
ses/7/ceph/prometheus-server
ses/7/cephcsi/cephcsi
ses/7/cephcsi/csi-attacher:v3.3.0
ses/7/cephcsi/csi-livenessprobe:v1.1.0
ses/7/cephcsi/csi-node-driver-registrar:v2.3.0
ses/7/cephcsi/csi-provisioner:v3.0.0
ses/7/cephcsi/csi-resizer:v1.3.0
ses/7/cephcsi/csi-snapshotter:v4.2.0
ses/7/prometheus-webhook-snmp
ses/7/rook/ceph
suse/pcp
suse/rmt-mariadb
suse/rmt-mariadb-client
suse/rmt-nginx
suse/rmt-server
suse/sle-micro-rancher/5.2
suse/sle-micro/5.1/toolbox
suse/sle-micro/5.2/toolbox
suse/sle15:15.0
suse/sle15:15.1
suse/sle15:15.2
suse/sle15:15.3
suse/sles/15.3/cdi-apiserver:1.37.1
suse/sles/15.3/cdi-cloner:1.37.1
suse/sles/15.3/cdi-controller:1.37.1
suse/sles/15.3/cdi-importer:1.37.1
suse/sles/15.3/cdi-operator:1.37.1
suse/sles/15.3/cdi-uploadproxy:1.37.1
suse/sles/15.3/cdi-uploadserver:1.37.1
suse/sles/15.3/libguestfs-tools:0.45.0
suse/sles/15.3/virt-api:0.45.0
suse/sles/15.3/virt-controller:0.45.0
suse/sles/15.3/virt-handler:0.45.0
suse/sles/15.3/virt-launcher:0.45.0
suse/sles/15.3/virt-operator:0.45.0
suse/sles12sp3
suse/sles12sp4
suse/sles12sp5
trento/trento-db
trento/trento-runner
trento/trento-web
cpioReleased
ses/7/ceph/ceph
ses/7/cephcsi/csi-attacher:v2.1.0
ses/7/cephcsi/csi-node-driver-registrar:v1.2.0
ses/7/cephcsi/csi-provisioner:v1.6.0
ses/7/cephcsi/csi-resizer:v0.4.0
ses/7/cephcsi/csi-snapshotter:v2.1.0
ses/7/cephcsi/csi-snapshotter:v2.1.1
suse/sle-micro/5.0/toolbox
suse/sles/15.2/virt-api:0.38.1
suse/sles/15.2/virt-controller:0.38.1
suse/sles/15.2/virt-handler:0.38.1
suse/sles/15.2/virt-launcher:0.38.1
suse/sles/15.2/virt-operator:0.38.1
cpioIn progress