All errata/sisyphus/ALT-PU-2015-2097-1
ALT-PU-2015-2097-1

Package update cpio in branch sisyphus

Version2.12-alt1
Task#154859
Published2015-12-14
Max severityMEDIUM
Severity:

Closed issues (4)

BDU:2016-00608
MEDIUM4.3

Уязвимость утилиты архивирования Сpio, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-03-17Modified: 2022-10-18
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
References
CVE-2014-9112
MEDIUM5.0

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

Published: 2014-12-02Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2015-1197
LOW1.9

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Published: 2015-02-19Modified: 2025-04-12
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2016-2037
MEDIUM6.5

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Published: 2016-02-22Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References