Vulnerability CVE-2015-1197: Information
Description
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Severity: LOW (1.9)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
cpio | sisyphus | 2.12-alt1 | 2.15-alt1 | ALT-PU-2015-2097-1 | 154859 | Fixed |
cpio | p10 | 2.12-alt1 | 2.12-alt2 | ALT-PU-2015-2097-1 | 154859 | Fixed |
cpio | p9 | 2.12-alt1 | 2.12-alt1 | ALT-PU-2015-2097-1 | 154859 | Fixed |
cpio | c10f1 | 2.12-alt1 | 2.12-alt2 | ALT-PU-2015-2097-1 | 154859 | Fixed |
cpio | c9f2 | 2.12-alt1 | 2.12-alt1 | ALT-PU-2015-2097-1 | 154859 | Fixed |