Gentoo Linux Security Advisory 201701-3 - Multiple vulnerabilities have been found in libarchive, the worst of which allows for the remote execution of arbitrary code. Versions less than 3.2.2 are affected.
6e383d806a0d0bc5f7390454433a074fd47878257ac7fa6b5489c1564f435929
FreeBSD Security Advisory - The cpio(1) tool from the libarchive(3) bundle is vulnerable to a directory traversal problem via absolute paths in an archive file. A malicious archive file being unpacked can overwrite an arbitrary file on a filesystem, if the owner of the cpio process has write access to it.
cce26b2a1835322695e6fff10188668916dff833800347947b8674400f19415d
Mandriva Linux Security Advisory 2015-157 - Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program that is part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.
aafcb56be45cf84fdb1cab4300635f80336bb74b80271f3cf0446fecb12f1f36
Ubuntu Security Notice 2549-1 - It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. Fabian Yamaguchi discovered that libarchive incorrectly handled certain type conversions. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
a21c54de461ecbc21d0031ce3c666809c5980fd2ba0a648ee1d7e916688abbca