DEBIAN-CVE-2015-1197

DEBIAN-CVE-2015-1197 PUBLISHED

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Affected Products

Vendor	Product	Versions
Debian:14	cpio	0, 0, 0
Debian:11	cpio	0, 0, 0
Debian:13	cpio	0, 0, 0
Debian:12	cpio	0, 0, 0

Timeline

Feb 19, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-1197 advisory

Open in Interactive Console →