Advisories ยป MGASA-2014-0528

Updated cpio package fixes security vulnerability

Publication date: 14 Dec 2014
Modification date: 14 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9112

Description

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11
allows remote attackers to cause a denial of service via a large block value
in a cpio archive (CVE-2014-9112).

Additionally, a null pointer dereference in the copyin_link function which
could cause a denial of service has also been fixed.
                

References

SRPMS

4/core