Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
http://advisories.mageia.org/MGASA-2015-0106.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html
http://www.debian.org/security/2015/dsa-3180
http://www.mandriva.com/security/advisories?name=MDVSA-2015:157
http://www.openwall.com/lists/oss-security/2015/01/07/5
http://www.openwall.com/lists/oss-security/2015/01/16/7
http://www.securitytracker.com/id/1035996
http://www.ubuntu.com/usn/USN-2549-1
https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526
https://github.com/libarchive/libarchive/pull/110
https://groups.google.com/forum/#!msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J
https://security.gentoo.org/glsa/201701-03
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc
OR
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:x64:*:* versions up to 3.1.2 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
135650 | EulerOS Virtualization 3.0.2.2 : libarchive (EulerOS-SA-2020-1488) | Nessus | Huawei Local Security Checks | medium |
134515 | EulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2020-1226) | Nessus | Huawei Local Security Checks | medium |
132139 | EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2604) | Nessus | Huawei Local Security Checks | medium |
131871 | EulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-2379) | Nessus | Huawei Local Security Checks | medium |
130664 | EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-2202) | Nessus | Huawei Local Security Checks | medium |
96234 | GLSA-201701-03 : libarchive: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
95559 | openSUSE Security Update : libarchive (openSUSE-2016-1405) | Nessus | SuSE Local Security Checks | high |
95558 | openSUSE Security Update : libarchive (openSUSE-2016-1404) | Nessus | SuSE Local Security Checks | high |
95367 | SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:2911-1) | Nessus | SuSE Local Security Checks | high |
93187 | SUSE SLES11 Security Update : bsdtar (SUSE-SU-2016:1939-1) | Nessus | SuSE Local Security Checks | medium |
92790 | Splunk Enterprise < 5.0.16 / 6.0.12 / 6.1.11 / 6.2.11 / 6.3.6 / 6.4.2 or Splunk Light < 6.4.2 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
87984 | FreeBSD : libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5) | Nessus | FreeBSD Local Security Checks | medium |
83710 | SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2015:0667-1) | Nessus | SuSE Local Security Checks | medium |
82410 | Mandriva Linux Security Advisory : libarchive (MDVSA-2015:157) | Nessus | Mandriva Local Security Checks | medium |
82268 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : libarchive vulnerabilities (USN-2549-1) | Nessus | Ubuntu Local Security Checks | medium |
82012 | openSUSE Security Update : libarchive (openSUSE-2015-248) | Nessus | SuSE Local Security Checks | medium |
81654 | Debian DSA-3180-1 : libarchive - security update | Nessus | Debian Local Security Checks | medium |