ALAS-2015-499


Amazon Linux 1 Security Advisory: ALAS-2015-499
Advisory Release Date: 2015-04-01 13:32 Pacific
Advisory Updated Date: 2015-04-01 17:01 Pacific
Severity: Low

Issue Overview:

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.


Affected Packages:

pigz


Issue Correction:
Run yum update pigz to update your system.

New Packages:
i686:
    pigz-2.3.3-1.6.amzn1.i686
    pigz-debuginfo-2.3.3-1.6.amzn1.i686

src:
    pigz-2.3.3-1.6.amzn1.src

x86_64:
    pigz-2.3.3-1.6.amzn1.x86_64
    pigz-debuginfo-2.3.3-1.6.amzn1.x86_64