Debian Security Advisory
DLA-140-1 rpm -- LTS security update
- Date Reported: 28 Jan 2015
- Affected Packages: rpm
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2012-0060, CVE-2012-0061, CVE-2012-0815, CVE-2013-6435, CVE-2014-8118.
- More information:
Several vulnerabilities have been fixed in rpm:
- CVE-2014-8118
Fix integer overflow which allowed remote attackers to execute arbitrary code.
- CVE-2013-6435
Prevent remote attackers from executing arbitrary code via crafted RPM files.
- CVE-2012-0815
Fix denial of service and possible code execution via negative value in region offset in crafted RPM files.
- CVE-2012-0060 and CVE-2012-0061
Prevent denial of service (crash) and possibly arbitrary code execution via an invalid region tag in RPM files.
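As an added illustration of the bounds checks a hardened header parser performs on the three conditions listed above (a negative or out-of-range region offset, a count whose size calculation overflows, and an invalid region tag), the following standalone C validator is example code and not rpm's own implementation. The RPM v3 header layout, per-type element sizes and region-trailer rules it encodes are simplified assumptions, and the sample header it checks is constructed.

```c
#include <stdint.h>
#include <string.h>
/* Assumed, simplified RPM v3 header layout: 8-byte intro (magic 8E AD E8 01 + 4 reserved),
 * big-endian il (index entry count) and dl (data length), il 16-byte entries (tag, type,
 * offset, count), then dl data bytes. A region tag (62/63) is BIN, count 16, and points at
 * a trailer entry whose offset is negative and spans whole index entries. */
#define ENTRY_SIZE 16u
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Returns 0 when every index entry stays inside the data area, otherwise a
 * negative code naming the rejected condition. */
int rpm_header_check(const uint8_t *buf, size_t len) {
    if (len < 16 || memcmp(buf, "\x8e\xad\xe8\x01", 4) != 0) return -1;
    uint32_t il = be32(buf + 8), dl = be32(buf + 12);
    if (il > (len - 16) / ENTRY_SIZE) return -2;             /* il*16 must not overflow or exceed buffer */
    size_t ix_bytes = (size_t)il * ENTRY_SIZE;
    if (dl > len - 16 - ix_bytes) return -3;                 /* data area exceeds buffer */
    const uint8_t *pe = buf + 16, *data = pe + ix_bytes;
    static const uint32_t esz[] = {0, 1, 1, 2, 4, 8, 0, 1, 0, 0}; /* bytes per element, 0 = string */
    for (uint32_t i = 0; i < il; i++, pe += ENTRY_SIZE) {
        uint32_t tag = be32(pe), type = be32(pe + 4), count = be32(pe + 12);
        int32_t off = (int32_t)be32(pe + 8);
        if (type > 9) return -4;                                          /* unknown type */
        if (off < 0 || (uint32_t)off >= dl) return -5;                    /* negative or out-of-range offset */
        uint32_t avail = dl - (uint32_t)off;
        if (esz[type] && count > avail / esz[type]) return -6;            /* count*size would overflow/exceed */
        if (type >= 6 && !esz[type] && !memchr(data + off, 0, avail)) return -7; /* unterminated string */
        if (tag == 63 || tag == 62) {                                     /* HEADERIMMUTABLE / HEADERSIGNATURES */
            if (i != 0 || type != 7 || count != 16) return -8;            /* invalid region tag */
            int32_t roff = (int32_t)be32(data + off + 8);
            uint32_t rlen = 0u - (uint32_t)roff;                          /* magnitude without signed overflow */
            if (roff >= 0 || rlen % ENTRY_SIZE || rlen > ix_bytes) return -9; /* bad region trailer */
        }
    }
    return 0;
}
/* Constructed sample: one immutable-region entry whose trailer covers itself. */
static const uint8_t GOOD_HDR[] = {
    0x8e,0xad,0xe8,0x01, 0,0,0,0, 0,0,0,1, 0,0,0,16,
    0,0,0,63, 0,0,0,7, 0,0,0,0, 0,0,0,16,               /* index entry */
    0,0,0,63, 0,0,0,7, 0xff,0xff,0xff,0xf0, 0,0,0,16    /* region trailer, offset -16 */
};
/* Overwrite 4 bytes of the sample at `at` with `v` and re-check, to show what each check rejects. */
int check_tampered(size_t at, uint8_t v) {
    uint8_t h[sizeof GOOD_HDR];
    memcpy(h, GOOD_HDR, sizeof h); memset(h + at, v, 4);
    return rpm_header_check(h, sizeof h);
}
```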
We recommend that you upgrade your rpm packages.
For Debian 6 "Squeeze", these issues have been fixed in rpm version 4.8.1-6+squeeze2.
- CVE-2014-8118