Launchpad CVE tracker

CVE 2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Related bugs and status

CVE-2015-1197 (Candidate) is related to these bugs:

Bug #1446468: rinse broken due to cpio fix for CVE-2015-1197

Summary				In	Importance	Status
	1446468	rinse broken due to cpio fix for CVE-2015-1197		rinse (Ubuntu)	High	Fix Released
	1446468	rinse broken due to cpio fix for CVE-2015-1197		rinse (Debian)	Unknown	Fix Released

Bug #1904615: cpio symlink traversal

Summary				In	Importance	Status
	1904615	cpio symlink traversal		cpio (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [Bug-cpio] 20150108 cp...
MLIST: [oss-security] 2015010...
MLIST: [oss-security] 2015011...
MISC: https://bugs.debian.or...
BID: 71914
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:066
UBUNTU: USN-2906-1
MISC: http://packetstormsecu...
MLIST: [oss-security] 2023122...
MLIST: [oss-security] 2023122...

Launchpad.net

CVE 2015-1197

Related bugs and status

Related bugs

References