Debian Security Advisory
DLA-111-1 cpio -- LTS security update
- Date Reported:
- 15 Dec 2014
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 772793.
In Mitre's CVE dictionary: CVE-2014-9112.
- More information:
Multiple issues have been identified in cpio, including a buffer overflow and multiple NULL pointer dereference, resulting at least in a denial of service and possibly also in an unwanted code execution.
This has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by applying the upstream patches.