Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.
After many months in development, LinuxSecurity is pleased to announce the public beta of our new site with more of the stuff we love best - the latest news, advisories, feature articles, interviews, and other content relevant to the Linux user.
While we work out any last-minute issues during this beta period, we would really appreciate your input. We need your help to identify any bugs or features we may have missed. See something you really like or don't like? Please share your thoughts!
in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive (CVE-2015-1197). Thomas Habets discovered that GNU cpio incorrectly handled certain
MGASA-2019-0326 - Updated cpio packages fix security vulnerabilities
Publication date: 14 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0326.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2015-1197,
CVE-2019-14866
in cpio 2.11, when using the --no-absolute-filenames option, allows local
users to write to arbitrary files via a symlink attack on a file in an
archive (CVE-2015-1197).
Thomas Habets discovered that GNU cpio incorrectly handled certain
inputs. An attacker could possibly use this issue to privilege escalation
(CVE-2019-14866).
cpio has been updated to 2.13 that fixes theese issues.
References:
- https://bugs.mageia.org/show_bug.cgi?id=25680
- https://usn.ubuntu.com/4176-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866
SRPMS:
- 7/core/cpio-2.13-1.mga7
[{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
bottom200
Copyright 2019 Guardian Digital, Inc. All rights reserved.