Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#44173 - [cpio][CVE-2015-1197] arbitrary file write

Attached to Project: Arch Linux
Opened by Christian Rebischke (Shibumi) - Friday, 13 March 2015, 15:19 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 18 March 2015, 15:26 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary
=======

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

References
==========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1197
http://www.openwall.com/lists/oss-security/2015/01/18/7
This task depends upon

Closed by  Tobias Powalowski (tpowa)
Wednesday, 18 March 2015, 15:26 GMT
Reason for closing:  Fixed
Additional comments about closing:  cpio-2.11-6

Loading...