Alexander Cherepanov discovered that bsdcpio, an implementation of the
cpio program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.
For the stable distribution (wheezy), this problem has been fixed in
version 3.0.4-3+wheezy1.
For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.1.2-11.
For the unstable distribution (sid), this problem has been fixed in
version 3.1.2-11.
We recommend that you upgrade your libarchive packages.
CPE | Name | Operator | Version |
---|---|---|---|
libarchive | eq | 3.0.4-3+nmu1 |