Mandriva Linux Security Advisory : cpio (MDVSA-2014:250)
Medium Nessus Plugin ID 79995
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated cpio package fixes security vulnerability :
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112).
Additionally, a NULL pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.
SolutionUpdate the affected cpio package.