MGASA-2019-0326

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0326.html

Import Source

https://advisories.mageia.org/MGASA-2019-0326.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0326

Related

Published

2019-11-14T16:58:51Z

Modified

2019-11-14T16:38:56Z

Summary

Updated cpio packages fix security vulnerabilities

Details

in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive (CVE-2015-1197).

Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation (CVE-2019-14866).

cpio has been updated to 2.13 that fixes theese issues.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / cpio

Package

Name: cpio
Purl: pkg:rpm/mageia/cpio?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-1.mga7

Ecosystem specific

{
    "section": "core"
}