First published: Mon Jan 05 2015(Updated: )
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU cpio | =2.11 | |
debian/cpio | 2.13+dfsg-7.1~deb11u1 2.13+dfsg-7.1 2.15+dfsg-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.