ALT-PU-2015-2183-1
Closed vulnerabilities
Published: 2014-12-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-9112
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
Severity: MEDIUM (5.0)
References:
- 20141123 on Linux, 'less' can probably get you owned
- 20141123 on Linux, 'less' can probably get you owned
- 60167
- 60167
- 62145
- 62145
- DSA-3111
- DSA-3111
- [oss-security] 20141123 so, can we do something about lesspipe? (+ a cpio bug to back up the argument)
- [oss-security] 20141123 so, can we do something about lesspipe? (+ a cpio bug to back up the argument)
- [oss-security] 20141125 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]
- [oss-security] 20141125 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]
- [oss-security] 20141126 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]
- [oss-security] 20141126 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 71248
- 71248
- USN-2456-1
- USN-2456-1
- linux-kernel-lesspipe-code-exec(98918)
- linux-kernel-lesspipe-code-exec(98918)
- https://savannah.gnu.org/bugs/?43709
- https://savannah.gnu.org/bugs/?43709
Published: 2015-02-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Severity: LOW (1.9)
References:
- http://advisories.mageia.org/MGASA-2015-0080.html
- http://advisories.mageia.org/MGASA-2015-0080.html
- http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
- http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
- MDVSA-2015:066
- MDVSA-2015:066
- [oss-security] 20150108 Directory traversals in cpio and friends?
- [oss-security] 20150108 Directory traversals in cpio and friends?
- [oss-security] 20150118 Re: CVE Request: cpio -- directory traversal
- [oss-security] 20150118 Re: CVE Request: cpio -- directory traversal
- [oss-security] 20231221 Security vulnerability in Debian's cpio 2.13
- [oss-security] 20231221 Security vulnerability in Debian's cpio 2.13
- [oss-security] 20231227 xarchiver: Path traversal with crafted cpio archives
- [oss-security] 20231227 xarchiver: Path traversal with crafted cpio archives
- 71914
- 71914
- USN-2906-1
- USN-2906-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
- [Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks
- [Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks