Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths. For the stable distribution (wheezy), this problem has been fixed in version 3.0.4-3+wheezy1. For the upcoming stable distribution (jessie), this problem has been fixed in version 3.1.2-11. For the unstable distribution (sid), this problem has been fixed in version 3.1.2-11. We recommend that you upgrade your libarchive packages.
Alexander Cherepanov discovered that bsdcpio, an implementation of the
cpio
program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.
For the stable distribution (wheezy), this problem has been fixed in version 3.0.4-3+wheezy1.
For the upcoming stable distribution (jessie), this problem has been fixed in version 3.1.2-11.
For the unstable distribution (sid), this problem has been fixed in version 3.1.2-11.
We recommend that you upgrade your libarchive packages.