Lucene search

GoogleOSV:DSA-3180-1

HistoryMar 05, 2015 - 12:00 a.m.

libarchive - security update

2015-03-0500:00:00

Google

osv.dev

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON

Alexander Cherepanov discovered that bsdcpio, an implementation of the
cpio program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.

For the stable distribution (wheezy), this problem has been fixed in
version 3.0.4-3+wheezy1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.1.2-11.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.2-11.

We recommend that you upgrade your libarchive packages.

CPENameOperatorVersion
libarchiveeq3.0.4-3+nmu1

CPE	Name	Operator	Version
	libarchive	eq	3.0.4-3+nmu1

References

www.debian.org/security/2015/dsa-3180

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON

Related for OSV:DSA-3180-1