CVE-2015-1197
EPSS 3.9%
Description
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
How to fix CVE-2015-1197
To remediate CVE-2015-1197, upgrade the affected package to a fixed version below.
- Debian/cpio—upgrade to 2.11+dfsg-4.1 or later
Is CVE-2015-1197 being exploited?
Low — EPSS is 3.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.11+dfsg-4.1