Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-111-1 cpio

Debian Security Advisory

DLA-111-1 cpio -- LTS security update

Date Reported:

15 Dec 2014

Affected Packages:

cpio

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 772793.
In Mitre's CVE dictionary: CVE-2014-9112.

More information:

Multiple issues have been identified in cpio, including a buffer overflow and multiple NULL pointer dereference, resulting at least in a denial of service and possibly also in an unwanted code execution.

This has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by applying the upstream patches.