14 DAY TRIAL // Canonical has just revealed that a couple of GNU cpio vulnerabilities were found and fixed in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.
We don't usually get fixes for the GNU cpio package, which is a tool used to manage archives of files. From the looks of it, two problems were found and corrected, and a new version of the package is now available in the official repositories.
"IGustavo Grieco discovered that GNU cpio incorrectly handled memory when extracting archive files. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could use this issue to cause GNU cpio to crash, resulting in a denial of service, or possibly execute arbitrary code," reads the security notice.
These are the two issue vulnerabilities that were fixed. For a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system to the latest cpio package specific to each distribution, which will have different version numbers. To apply the patch, users will have to run the Update Manager application.
In general, a standard system update will make all the necessary changes, and there is no need for a restart. This is not a big package, so the update process should be quick and painless.