Updated cpio package fixes security vulnerability
Publication date: 14 Dec 2014Modification date: 14 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9112
Description
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112). Additionally, a null pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.
References
SRPMS
4/core
- cpio-2.11-6.2.mga4