MGASA-2014-0528

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0528.html

Import Source

https://advisories.mageia.org/MGASA-2014-0528.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0528

Related

CVE-2014-9112

Published

2014-12-14T14:10:39Z

Modified

2014-12-14T14:03:33Z

Summary

Updated cpio package fixes security vulnerability

Details

Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112).

Additionally, a null pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / cpio

Package

Name: cpio
Purl: pkg:rpm/mageia/cpio?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11-6.2.mga4

Ecosystem specific

{
    "section": "core"
}