Your submission was sent successfully! Close

CVE-2015-1197

Published: 19 February 2015

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Priority

Low

Status

Package Release Status
cpio
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (2.11-7ubuntu3.2)
trusty
Released (2.11+dfsg-1ubuntu1.2)
upstream
Released (2.11+dfsg-4.1)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Not vulnerable
(2.11+dfsg-4.1ubuntu1)
xenial Not vulnerable
(2.11+dfsg-4.1ubuntu1)
yakkety Not vulnerable
(2.11+dfsg-4.1ubuntu1)
zesty Not vulnerable
(2.11+dfsg-4.1ubuntu1)