ALT Linux Team

Package cpio update in sisyphus on 2015-12-14

ALT-PU-2015-2097-1

Package cpio updated to version 2.12-alt1 for branch sisyphus in task 154859.

Closed vulnerabilities

Published: 2016-02-22

BDU:2016-00608

Уязвимость утилиты архивирования Сpio, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2014-12-02
Modified: 2025-04-12

CVE-2014-9112

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2015-02-19
Modified: 2025-04-12

CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
References:
Published: 2016-02-22
Modified: 2025-04-12

CVE-2016-2037

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top