970 matches found

Nuclei
added 19 hours ago | 18 views

Zimbra Collaboration - Unrestricted File Upload

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

CVSS 9.8 | AI score 7.7 | EPSS 0.95478
Exploits: 7 | References: 2
AstraLinux
added 5 days ago | 4 views

Astra Linux – Vulnerability in klibc

An issue was discovered in klibc before version 2.0.9. Multiple potential integer overflows in the cpio command on 32-bit systems could lead to a buffer overflow or other security issues...

CVSS 9.8 | AI score 8.8 | EPSS 0.02059
Exploits: 0 | References: 1
OSV
added 2026/05/22 1:16 p.m. | 7 views

CLSA-2026-1777538340 Update of cpio

Fix integer overflow in dstring.c dsfgetstr that triggers an out-of-bounds heap write...

AI score 5.9
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux – Vulnerability in klibc

An issue was discovered in klibc before version 2.0.9. An integer overflow in the cpio command may lead to a NULL pointer dereference on 64-bit systems...

CVSS 7.5 | AI score 7.2 | EPSS 0.0186
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - Vulnerability in cpio

Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...

CVSS 4.9 | AI score 6.4 | EPSS 0.00906
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerability in Cpio

In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c dsfgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...

CVSS 7.8 | AI score 7.4 | EPSS 0.0415
Exploits: 1 | References: 2
OSV
added 2026/04/28 9:21 a.m. | 6 views

CLSA-2026-1777368104 Fix CVE(s): CVE-2023-39810

SECURITY UPDATE: directory traversal in cpio extraction - debian/patches/CVE-2023-39810.patch: add FEATURE_PATH_TRAVERSAL_PROTECTION config option, call strip_unsafe_prefix in data_extract_all.c to prevent path traversal via ../ in archive filenames. Covers cpio, ar, rpm. - Enable...

CVSS 7.8 | AI score 7.1 | EPSS 0.0071
Exploits: 0 | References: 1
Fedora
added 2026/04/28 1:35 a.m. | 5 views

[SECURITY] Fedora 44 Update: libarchive-3.8.7-1.fc44

Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...

CVSS 9.8 | AI score 5.2 | EPSS 0.01073
Exploits: 0
Fedora
added 2026/04/25 1:51 a.m. | 6 views

[SECURITY] Fedora 44 Update: libarchive-3.8.6-1.fc44

Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...

CVSS 7.5 | AI score 5.2 | EPSS 0.00693
Exploits: 0
Slackware Linux
added 2026/04/13 10:1 p.m. | 6 views

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.7-i586-1slack15.0.txz: Upgraded. Libarchive 3.8.7 is a security and bugfix release. Notable fixes: CAB: fix NULL...

AI score 6.1
Exploits: 0
AlmaLinux
added 2026/03/19 12:0 a.m. | 14 views

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 7.5 | AI score 5.8 | EPSS 0.00693
Exploits: 0 | References: 4
OSV
added 2026/02/26 1:17 p.m. | 3 views

SUSE-SU-2026:20592-1 Security update for 7zip

This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...

CVSS 7.5 | AI score 7.2 | EPSS 0.00635
Exploits: 2 | References: 6
Tenable Nessus
added 2026/02/10 12:0 a.m. | 3 views

Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2023-39810)

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 7.8 | AI score 6.7 | EPSS 0.0071
Exploits: 0 | References: 4
Snyk
added 2026/02/04 12:7 a.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

CVSS 7.5 | AI score 5.6 | EPSS 0.00366
Exploits: 0 | References: 2
Snyk
added 2026/02/04 12:7 a.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

CVSS 7.5 | AI score 5.5 | EPSS 0.00366
Exploits: 0 | References: 2
Snyk
added 2026/02/03 11:58 p.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

CVSS 7.1 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 2
Snyk
added 2026/02/03 11:58 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

CVSS 7.1 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 7 : cpio-2.11-28.el7 (AXSA:2020-579:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-579:01 advisory. CVE-2019-14866: cpio, in all versions before 2.13, does not properly validate input files when generating TAR archives. When cpio is used to create TAR archiv...

CVSS 7.3 | AI score 8.2 | EPSS 0.00686
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : cpio-2.12-10.el8 (AXSA:2021-1794:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1794:01 advisory. cpio: improper input validation when writing tar header fields leads to unexpected tar generation (CVE-2019-14866). Tenable has extracted the preceding...

CVSS 7.3 | AI score 8.1 | EPSS 0.00686
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/19 12:0 a.m. | 4 views

MiracleLinux 8 : cpio-2.12-11.el8.ML.1 (AXSA:2022-3303:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3303:02 advisory. Update the version to 2.12-11.el8.ML.1. Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

CVSS 7.8 | AI score 8.4 | EPSS 0.0415
Exploits: 1 | References: 2