All errata/c6/ALT-PU-2015-2183-1
ALT-PU-2015-2183-1

Package update cpio in branch c6

Version2.11-alt1.M60C.2
Task#153459
Published2015-12-25
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2014-9112
MEDIUM5.0

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

Published: 2014-12-02Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2015-1197
LOW1.9

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Published: 2015-02-19Modified: 2025-04-12
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:N
References