Univention Bugzilla – Bug 37294
cpio: Buffer overflow (3.2)
Last modified: 2016-06-29 12:38:49 CEST
A buffer overflow in cpio allows the execution of arbitrary code or denial of service if a malformed CPIO archive is opened (CVE-2014-9112)
Directory traversal in cpio (CVE-2015-1197)
CVE-2014-9112 has been fixed in upstream Debian package version 2.11-4+deb6u1. CVE-2015-1197 has been classified as "Minor issue" in Debian.
Upstream Debian package version 2.11-4+deb6u2 fixes this additional issue:
* out-of-bounds write with cpio 2.11 (CVE-2016-2037)
Upstream version 2.11-4+deb6u2 imported and built. Advisory: cpio.yaml
Tests (i386): OK
Advisory: OK
<http://errata.software-univention.de/ucs/3.2/439.html>