Arch Linux Security Advisory ASA-201502-9 ======================================== Severity: High Date : 2015-02-09 CVE-ID : CVE-2015-1191 Package : pigz Type : arbitrary write to files Remote : yes Link : https://wiki.archlinux.org/index.php/CVE Summary ====== The package pigz before version 2.3.3-1 is vulnerable to multiple directory traversal vulnerabilities. That allows remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. Resolution ========= Upgrade to 2.3.3-1 # pacman -Syu "pigz>=2.3.3-1" The problem has been fixed upstream in version 2.3.3. Workaround ========= None. Description ========== The package pigz before version 2.3.3-1 is vulnerable to multiple directory traversal vulnerabilities. That allows remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. Impact ===== A remote attacker is able to write files remotely. References ========= https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1191
ArchLinux: 201502-9: pigz: arbitrary write to files
February 9, 2015
Summary
The package pigz before version 2.3.3-1 is vulnerable to multiple directory traversal vulnerabilities. That allows remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
Resolution
Upgrade to 2.3.3-1
# pacman -Syu "pigz>=2.3.3-1"
The problem has been fixed upstream in version 2.3.3.
References
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1191
Severity
Package : pigz
Type : arbitrary write to files
Remote : yes
Link : https://wiki.archlinux.org/index.php/CVE
Workaround
None.
News
HOWTOs
About Us
Powered By
