Debian Security Advisory

DLA-111-1 cpio -- LTS security update

Date Reported:
15 Dec 2014
Affected Packages:
cpio
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 772793.
In Mitre's CVE dictionary: CVE-2014-9112.
More information:

Multiple issues have been identified in cpio, including a buffer overflow and multiple NULL pointer dereferences, resulting in at least a denial of service and possibly also in unwanted code execution.

This has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by applying the upstream patches.