Bugzilla – Bug 1218571
VUL-0: CVE-2023-7207: cpio: Security vulnerability in Debian's cpio 2.13
Last modified: 2024-05-13 12:30:01 UTC
Posted by Mark Esler on Jan 05 Please refer to this path traversal vulnerability as CVE-2023-7207. Upstream fix: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628 References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7207
The NVD CVE page is not up-to-date. Please check MITRE instead: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207
SUSE-SU-2024:0238-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1218571 CVE References: CVE-2023-7207 Sources used: openSUSE Leap 15.4 (src): cpio-2.13-150400.3.3.1 openSUSE Leap Micro 5.3 (src): cpio-2.13-150400.3.3.1 openSUSE Leap Micro 5.4 (src): cpio-2.13-150400.3.3.1 openSUSE Leap 15.5 (src): cpio-2.13-150400.3.3.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): cpio-2.13-150400.3.3.1 SUSE Linux Enterprise Micro 5.3 (src): cpio-2.13-150400.3.3.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): cpio-2.13-150400.3.3.1 SUSE Linux Enterprise Micro 5.4 (src): cpio-2.13-150400.3.3.1 SUSE Linux Enterprise Micro 5.5 (src): cpio-2.13-150400.3.3.1 Basesystem Module 15-SP5 (src): cpio-2.13-150400.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0248-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1218571 CVE References: CVE-2023-7207 Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): cpio-2.11-36.18.1 SUSE Linux Enterprise Server 12 SP5 (src): cpio-2.11-36.18.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): cpio-2.11-36.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0305-1: An update that has two security fixes can now be installed. Category: security (moderate) Bug References: 1218571, 1219238 Sources used: openSUSE Leap 15.4 (src): cpio-2.13-150400.3.6.1 openSUSE Leap Micro 5.3 (src): cpio-2.13-150400.3.6.1 openSUSE Leap Micro 5.4 (src): cpio-2.13-150400.3.6.1 openSUSE Leap 15.5 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Micro 5.3 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Micro 5.4 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Micro 5.5 (src): cpio-2.13-150400.3.6.1 Basesystem Module 15-SP5 (src): cpio-2.13-150400.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0825-1: An update that has two security fixes can now be installed. Category: security (moderate) Bug References: 1218571, 1219238 Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): cpio-2.11-36.21.1 SUSE Linux Enterprise Server 12 SP5 (src): cpio-2.11-36.21.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): cpio-2.11-36.21.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0824-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (moderate) Bug References: 1218571, 1219238 CVE References: CVE-2023-7207 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): cpio-2.12-150000.3.12.1 SUSE Enterprise Storage 7.1 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise Micro 5.1 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise Micro 5.2 (src): cpio-2.12-150000.3.12.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): cpio-2.12-150000.3.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done
SUSE-SU-2024:0305-2: An update that solves one vulnerability and has one security fix can now be installed. Category: security (moderate) Bug References: 1218571, 1219238 CVE References: CVE-2023-7207 Maintenance Incident: [SUSE:Maintenance:32275](https://smelt.suse.de/incident/32275/) Sources used: SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): cpio-2.13-150400.3.6.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): cpio-2.13-150400.3.6.1 SUSE Manager Proxy 4.3 (src): cpio-2.13-150400.3.6.1 SUSE Manager Retail Branch Server 4.3 (src): cpio-2.13-150400.3.6.1 SUSE Manager Server 4.3 (src): cpio-2.13-150400.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.