Lucene search
AmazonALAS-2015-499HistoryApr 01, 2015 - 1:32 p.m.
Low: pigz
2015-04-0113:32:00
alas.aws.amazon.com
8
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
84.9%
Issue Overview:
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) … (dot dot) in an archive.
Affected Packages:
pigz
Issue Correction:
Run yum update pigz to update your system.
New Packages:
i686:
pigz-2.3.3-1.6.amzn1.i686
pigz-debuginfo-2.3.3-1.6.amzn1.i686
src:
pigz-2.3.3-1.6.amzn1.src
x86_64:
pigz-2.3.3-1.6.amzn1.x86_64
pigz-debuginfo-2.3.3-1.6.amzn1.x86_64
Additional References
Red Hat: CVE-2015-1191
Mitre: CVE-2015-1191
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | pigz | < 2.3.3-1.6.amzn1 | pigz-2.3.3-1.6.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | pigz-debuginfo | < 2.3.3-1.6.amzn1 | pigz-debuginfo-2.3.3-1.6.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | pigz | < 2.3.3-1.6.amzn1 | pigz-2.3.3-1.6.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | pigz-debuginfo | < 2.3.3-1.6.amzn1 | pigz-debuginfo-2.3.3-1.6.amzn1.x86_64.rpm |
Related
cve
cve
CVE-2015-1191
2015-01-21 18:59:52
ibm
ibm
Security Bulletin: A vulnerability in pigz affects PowerKVM (CVE-2015-1191)
2018-06-18 01:33:17
archlinux
archlinux
pigz: arbitrary write to files
2015-02-09 00:00:00
nessus
nessus
openSUSE Security Update : pigz (openSUSE-2016-303)
2016-03-07 00:00:00
openSUSE Security Update : pigz (openSUSE-2016-299)
2016-03-07 00:00:00
SUSE SLED12 / SLES12 Security Update : pigz (SUSE-SU-2015:0670-1)
2015-05-20 00:00:00
cvelist
cvelist
CVE-2015-1191
2015-01-21 18:00:00
nvd
nvd
CVE-2015-1191
2015-01-21 18:59:52
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-499)
2015-09-08 00:00:00
Fedora Update for pigz FEDORA-2015-1510
2015-02-15 00:00:00
Fedora Update for pigz FEDORA-2015-1488
2015-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: pigz-2.3.3-1.fc20
2015-02-15 03:18:48
[SECURITY] Fedora 21 Update: pigz-2.3.3-1.fc21
2015-02-15 03:26:15
ubuntucve
ubuntucve
CVE-2015-1191
2015-01-21 00:00:00
debiancve
debiancve
CVE-2015-1191
2015-01-21 18:59:52
mageia
mageia
Updated pigz packages fix security vulnerability
2016-03-10 01:57:53
prion
prion
Directory traversal
2015-01-21 18:59:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
84.9%
Related for ALAS-2015-499