Ingo Brückl discovered that cpio contained a path traversal vulnerability.
If a user or automated system were tricked into extracting a specially
crafted cpio archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host, even if using the
option –no-absolute-filenames.
More Stories
dotnet8.0-8.0.105-1.fc39
FEDORA-2024-3acd2ba1d3 Packages in this update: dotnet8.0-8.0.105-1.fc39 Update description: This is the May 2024 release for .NET 8. This is a...
chromium-125.0.6422.60-1.fc38
FEDORA-2024-3a548f46a8 Packages in this update: chromium-125.0.6422.60-1.fc38 Update description: update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High...
chromium-125.0.6422.60-1.fc40
FEDORA-2024-c01c1f5f82 Packages in this update: chromium-125.0.6422.60-1.fc40 Update description: update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High...
chromium-125.0.6422.60-1.fc39
FEDORA-2024-382a7dba53 Packages in this update: chromium-125.0.6422.60-1.fc39 Update description: update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High...
USN-6774-1: Linux kernel vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal,...
dotnet7.0-7.0.119-1.fc38
FEDORA-2024-bdd75e525c Packages in this update: dotnet7.0-7.0.119-1.fc38 Update description: This is the May 2024 security update for .NET 7. This is...