USN-2906-1: GNU cpio vulnerabilities

Ubuntu Security Notice USN-2906-1
22nd February, 2016

cpio vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in GNU cpio.

Software description

cpio – a tool to manage archives of files

Details

Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-1197)

Gustavo Grieco discovered that GNU cpio incorrectly handled memory when extracting archive files. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could use this issue to cause GNU cpio to crash, resulting [ more… ]
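
A pre-extraction audit that an automated system handling untrusted archives could run before invoking cpio, given here as an added example that is not part of the Ubuntu notice or of GNU cpio. It parses the newc cpio format and reports members with absolute or ".." names, symlinks whose targets leave the extraction tree, and member paths that pass through a symlink defined in the same archive; the policy and the function names are assumptions chosen for illustration.

```python
import sys

S_IFMT, S_IFLNK = 0o170000, 0o120000
HDR = 110  # "070701" magic + 13 eight-digit hex fields


def pad4(n):
    """newc pads names and file data to a 4-byte boundary."""
    return (n + 3) & ~3


def members(blob):
    """Yield (name, mode, data) for each entry of a newc/crc cpio archive."""
    off = 0
    while off + HDR <= len(blob):
        if blob[off:off + 6] not in (b"070701", b"070702"):
            raise ValueError("not a newc header at offset %d" % off)
        f = [int(blob[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        start = off + HDR
        name = blob[start:start + namesize].rstrip(b"\0").decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return
        data_off = pad4(start + namesize)
        if data_off + filesize > len(blob):
            raise ValueError("truncated entry %r" % name)
        yield name, mode, blob[data_off:data_off + filesize]
        off = pad4(data_off + filesize)


def audit(blob):
    """Return a list of (name, reason) for entries that fail the policy."""
    findings, links = [], set()
    for name, mode, data in members(blob):
        parts = [p for p in name.split("/") if p not in ("", ".")]
        if name.startswith("/") or ".." in parts:
            findings.append((name, "absolute or parent-relative member name"))
        for i in range(1, len(parts)):
            if "/".join(parts[:i]) in links:
                findings.append((name, "path passes through an archived symlink"))
                break
        if mode & S_IFMT == S_IFLNK:
            target = data.decode("utf-8", "replace")
            links.add("/".join(parts))
            if target.startswith("/") or ".." in target.split("/"):
                findings.append((name, "symlink target leaves the tree: " + target))
    return findings


if __name__ == "__main__":
    for name, reason in audit(open(sys.argv[1], "rb").read()):
        print("REJECT %s: %s" % (name, reason))
```

Run it with the archive path as the only argument; an empty result means no member tripped the policy, not that the archive is otherwise safe to extract with an unpatched cpio.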