| 1 |
type: security |
| 2 |
subject: Updated cpio packages fix security vulnerabilities |
| 3 |
CVE: |
| 4 |
- CVE-2015-1197 |
| 5 |
- CVE-2019-14866 |
| 6 |
src: |
| 7 |
7: |
| 8 |
core: |
| 9 |
- cpio-2.13-1.mga7 |
| 10 |
description: | |
| 11 |
in cpio 2.11, when using the --no-absolute-filenames option, allows local |
| 12 |
users to write to arbitrary files via a symlink attack on a file in an |
| 13 |
archive (CVE-2015-1197). |
| 14 |
|
| 15 |
Thomas Habets discovered that GNU cpio incorrectly handled certain |
| 16 |
inputs. An attacker could possibly use this issue to privilege escalation |
| 17 |
(CVE-2019-14866). |
| 18 |
|
| 19 |
cpio has been updated to 2.13 that fixes theese issues. |
| 20 |
references: |
| 21 |
- https://bugs.mageia.org/show_bug.cgi?id=25680 |
| 22 |
- https://usn.ubuntu.com/4176-1/ |
Parent Directory
| 
Revision Log