ALAS-2015-499

Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-499
Advisory Released Date: 2015-04-01
Advisory Updated Date: 2015-04-01
Severity: Low
Issue Overview:

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.


Affected Packages:

pigz


Issue Correction:
Run yum update pigz or yum update --advisory ALAS-2015-499 to update your system.

New Packages:
i686:
    pigz-2.3.3-1.6.amzn1.i686
    pigz-debuginfo-2.3.3-1.6.amzn1.i686

src:
    pigz-2.3.3-1.6.amzn1.src

x86_64:
    pigz-2.3.3-1.6.amzn1.x86_64
    pigz-debuginfo-2.3.3-1.6.amzn1.x86_64

Additional References

Red Hat: CVE-2015-1191

Mitre: CVE-2015-1191