26 matches found
Astra Linux – Vulnerability in Cpio
Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
...
The vulnerability of the binary archiver cpio lies in the improper limitation of the path name for the limited directory, allowing a hacker to trigger a service failure.
The vulnerability of the binary archiver cpio is related to a regression issue when the --no-absolute-filenames parameter is used. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
USN-6755-1 cpio vulnerabilities
Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the...
Important: cpio
Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Issue Correction: Run dnf update cpio --releasever 2023.3.20240304 or dnf update --advisory...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
DEBIAN-CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
UBUNTU-CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
Path traversal
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
SUSE CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
CVE-2023-35852
In Suricata before 6.0.13 when there is an adversary who controls an external source of rules, a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring...
OESA-2023-1338 cpio security update
GNU cpio copies files into or out of a cpio or tar archive. The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...
OESA-2023-1337 cpio security update
GNU cpio copies files into or out of a cpio or tar archive.The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...
OESA-2023-1336 cpio security update
GNU cpio copies files into or out of a cpio or tar archive.The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...
PT-2023-9341 · Debian +6 · Cpio +7
Name of the Vulnerable Software and Affected Versions: cpio affected versions not specified Description: The issue is related to a path traversal vulnerability in Debian's cpio, which was introduced by reverting patches for a previous issue. This vulnerability is associated with a regression when...
SUSE CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...
cpio security bypass vulnerability
cpio is a set of file backup tools developed by the GNU Project for use in the UNIX operating system and as a file format. The tool supports depositing and reading files from cpio or tar-formatted archive packages. A security vulnerability exists in cpio 2.7 and later versions, which stems from t...