Advisories » MGASA-2015-0106

Updated libarchive packages fix security vulnerability

Publication date: 12 Mar 2015
Modification date: 12 Mar 2015
Type: security
Affected Mageia releases : 4

Description

Updated libarchive packages fix security vulnerability:

Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15438
• http://openwall.com/lists/oss-security/2015/01/16/7
• https://www.debian.org/security/2015/dsa-3180

SRPMS

4/core

• libarchive-3.1.2-2.1.mga4