CVE-2015-2304

Опубликовано: 15 мар. 2015

Источник: debian

Описание

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libarchive	fixed	3.1.2-11		package

Примечания

https://www.openwall.com/lists/oss-security/2015/01/16/7
Patch: https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526

Связанные уязвимости

CVE-2015-2304

ubuntu

почти 11 лет назад

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

CVE-2015-2304

redhat

около 11 лет назад

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

CVE-2015-2304

nvd

почти 11 лет назад

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

GHSA-fg4c-3cxq-4rf3

github

больше 3 лет назад

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

SUSE-SU-2015:0667-1

suse-cvrf

почти 11 лет назад

Security update for libarchive