Amazon Linux 1 Security Advisory: ALAS-2015-499
Advisory Release Date: 2015-04-01 13:32 Pacific
Advisory Updated Date: 2015-04-01 17:01 Pacific
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
Affected Packages:
pigz
Issue Correction:
Run yum update pigz to update your system.
i686:
pigz-2.3.3-1.6.amzn1.i686
pigz-debuginfo-2.3.3-1.6.amzn1.i686
src:
pigz-2.3.3-1.6.amzn1.src
x86_64:
pigz-2.3.3-1.6.amzn1.x86_64
pigz-debuginfo-2.3.3-1.6.amzn1.x86_64