Description
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
A flaw was found in cpio. The fix for CVE-2015-1197 created other issues, and the patch to fix this issue was reverted, causing a regression when the --no-absolute-filenames command line option is used, resulting in a path traversal vulnerability.
Mitigation
Do not process untrusted archives with the cpio program.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | cpio | Out of support scope | | |
| Red Hat Enterprise Linux 7 | cpio | Out of support scope | | |
| Red Hat Enterprise Linux 8 | cpio | Will not fix | | |
| Red Hat Enterprise Linux 9 | cpio | Will not fix | | |
Additional information
Status:
5.5 Medium
CVSS3