Advisories » MGASA-2014-0528

Updated cpio package fixes security vulnerability

Publication date: 14 Dec 2014
Modification date: 14 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9112

Description

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11
allows remote attackers to cause a denial of service via a large block value
in a cpio archive (CVE-2014-9112).

Additionally, a null pointer dereference in the copyin_link function which
could cause a denial of service has also been fixed.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14765
• https://bugzilla.redhat.com/show_bug.cgi?id=1167571
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112

SRPMS

4/core

• cpio-2.11-6.2.mga4