From ${URL} : A heap-based buffer overflow flaw was reported in cpio's list_file() function. Attempting to extract a malicious cpio archive could cause cpio to crash or, potentially, execute arbitrary code. As noted in the original report, this issue could be triggered via other utilities, such as when running "less". A patch is not yet available. Original report: http://seclists.org/fulldisclosure/2014/Nov/74 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-9112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9112): Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
+*cpio-2.11-r2 (09 Jan 2015) + + 09 Jan 2015; Tony Vroon <chainsaw@gentoo.org> +cpio-2.11-r2.ebuild, + +files/cpio-2.11-security.patch: + Scavenge upstream bug fixes for heap-based buffer overflow and directory + traversal through symlinks. For security bugs #530512 and #536010. Arches, please test & mark stable: =app-arch/cpio-2.11-r2 Target stable keywords: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86
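Review bot: The ChangeLog entry for cpio-2.11-r2 cites bugs #530512 and #536010 but names no CVE identifier; adding CVE-2014-9112 next to the heap-based buffer overflow would make the entry searchable by CVE as well as by bug number. The entry also puts two unrelated fixes (the overflow and the directory traversal through symlinks) into the single files/cpio-2.11-security.patch; one patch file per bug would let each fix be tracked and dropped independently once upstream ships it.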
x86 done!
Stable on alpha.
Arches, please test & mark stable: =app-arch/cpio-2.11-r3 Target stable keywords: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 (Only change is the addition of eautoreconf and removal of a now unnecessary libexec directory removal; existing alpha & x86 stable keywords transferred)
Stable for HPPA.
arm stable
amd64 stable
sparc stable
ppc/ppc64/s390 stable
ia64 stable
With all stable arches completed, and only non-stable left, setting the whiteboard appropriately. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201502-11 at http://security.gentoo.org/glsa/glsa-201502-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).