Jump to:

CVE-2015-1191

Jump to:

CVE-2015-1191

Package pigz updated to version 2.3.4-alt1 for branch sisyphus in task 170234.

Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-1191

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

http://lists.opensuse.org/opensuse-updates/2016-03/msg00013.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00017.html
http://www.openwall.com/lists/oss-security/2015/01/18/3
http://www.securityfocus.com/bid/72109
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774978
https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
http://lists.opensuse.org/opensuse-updates/2016-03/msg00013.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00017.html
http://www.openwall.com/lists/oss-security/2015/01/18/3
http://www.securityfocus.com/bid/72109
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774978
https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f

Version: 2.1.2

Package pigz update in sisyphus on 2016-10-03

ALT-PU-2016-2059-1

Closed vulnerabilities

CVE-2015-1191