MGASA-2015-0252 Updated p7zip package fixes security vulnerability

Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current...

cpio: directory traversal

It was reported that cpio is vulnerable to a directory traversal vulnerability when using the --no-absolute-filenames option. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write to...

Updated cpio package fixes security vulnerability

In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries...

p7zip -- directory traversal vulnerability

Alexander Cherepanov reports: 7z and 7zr is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directo...