USN-6755-1: GNU cpio vulnerabilities

Ubuntu Security Advisory

Ingo Br├╝ckl discovered that cpio contained a path traversal vulnerability.
If a user or automated system were tricked into extracting a specially
crafted cpio archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host, even if using the
option –no-absolute-filenames.


Leave a Reply

Your email address will not be published. Required fields are marked *