Test ID:	1.3.6.1.4.1.25623.1.1.4.2021.2689.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2021:2689-1)
Summary:	The remote host is missing an update for the 'cpio' package(s) announced via the SUSE-SU-2021:2689-1 advisory.
Description:	Summary: The remote host is missing an update for the 'cpio' package(s) announced via the SUSE-SU-2021:2689-1 advisory. Vulnerability Insight: This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) UPDATE: This update was buggy and could lead to hangs, so it has been retracted. There will be a follow up update. Affected Software/OS: 'cpio' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 4.0, SUSE MicroOS 5.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-38185 https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b https://github.com/fangqyi/cpiopwn https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html https://lists.debian.org/debian-lts-announce/2023/06/msg00007.html
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.