The archiver cpio has a new vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2023-7216
Zimbra/amavis was affected by one previously, but not if you have 'pax':
I don't know of any implications at this point, I just wanted to warn people. For me, it's really time I upgrade away from Ubuntu 18.04 to 20.04.
Zimbra/amavis was affected by one previously, but not if you have 'pax':
At the time, the server could be hacked by simply mailing a crafted payload.Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
I don't know of any implications at this point, I just wanted to warn people. For me, it's really time I upgrade away from Ubuntu 18.04 to 20.04.
Statistics: Posted by halfgaar — Tue Feb 13, 2024 8:14 am