[ MDVSA-2015:065 ] cpio

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:065
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : cpio
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated cpio package fixes security vulnerabilities:
 
 Heap-based buffer overflow in the process_copy_in function in GNU
 Cpio 2.11 allows remote attackers to cause a denial of service via
 a large block value in a cpio archive (CVE-2014-9112).
 
 Additionally, a null pointer dereference in the copyin_link function,
 which could cause a denial of service, has also been fixed.
 
 In GNU Cpio 2.11, the --no-absolute-filenames option limits
 extraction of an archive's contents to strictly inside the current
 directory. However, it can be
