Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "cpio": "2.11+dfsg-1ubuntu1.2+esm1" } ] }
{ "availability": "No subscription required", "binaries": [ { "cpio": "2.11+dfsg-5ubuntu1.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "cpio": "2.12+dfsg-6ubuntu0.18.04.1", "cpio-win32": "2.12+dfsg-6ubuntu0.18.04.1" } ] }