oss-sec mailing list archives

xarchiver: Path traversal with crafted cpio archives

From: Ingo Brückl <ib () oddnet de>
Date: Fri, 29 Dec 2023 15:34:07 +0100

With

https://github.com/ib/xarchiver/commit/85dcd9058a528181c786da1899b68110301d1aa1

xarchiver rejects all unmodified cpio versions affected by path traversal
vulnerability.

It is recommended that all users upgrade to xarchiver 0.5.4.22.

Ingo

Current thread:

xarchiver: Path traversal with crafted cpio archives Ingo Brückl (Dec 27)
- xarchiver: Path traversal with crafted cpio archives Ingo Brückl (Dec 29)