CVE-2015-1191

Published: 21 January 2015

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.

From the Ubuntu security team

It was discovered that pigz was susceptible to a directory traversal vulnerability. If a user were tricked into opening a malicious archive, arbitrary files could be overwritten.

Priority

Medium

Status

Package Release Status
pigz
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(2.3.1-2)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.3.1-2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.3-2ubuntu0.1~esm1)