16 matches found
Astra Linux – Vulnerability in Cpio
Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
...
Important: cpio
Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Issue Correction: Run dnf update cpio --releasever 2023.3.20240304 or dnf update --advisory...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
DEBIAN-CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
UBUNTU-CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
SUSE CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
OESA-2023-1337 cpio security update
GNU cpio copies files into or out of a cpio or tar archive.The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...
PT-2023-9341 · Debian +6 · Cpio +7
Name of the Vulnerable Software and Affected Versions: cpio affected versions not specified Description: The issue is related to a path traversal vulnerability in Debian's cpio, which was introduced by reverting patches for a previous issue. This vulnerability is associated with a regression when...
USN-2906-1 cpio vulnerabilities
Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files...
DEBIAN-CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...
UBUNTU-CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...