ELA-863-1 cpio security update

improper validation of input

2023-06-05
Packagecpio
Version2.11+dfsg-4.1+deb8u4 (jessie), 2.11+dfsg-6+deb9u1 (stretch)
Related CVEs CVE-2019-14866 CVE-2021-38185


Improper validation of input was fixed in GNU cpio, a program to manage archives of files.



For Debian 8 jessie, these problems have been fixed in version 2.11+dfsg-4.1+deb8u4.

For Debian 9 stretch, these problems have been fixed in version 2.11+dfsg-6+deb9u1.

We recommend that you upgrade your cpio packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.