Debian Security Advisory
DLA-140-1 rpm -- LTS security update
- Date Reported: 28 Jan 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0060, CVE-2012-0061, CVE-2012-0815, CVE-2013-6435, CVE-2014-8118.
- More information:
Several vulnerabilities have been fixed in rpm:
Fix integer overflow which allowed remote attackers to execute arbitrary code.
Prevent remote attackers from executing arbitrary code via crafted RPM files.
Fix denial of service and possible code execution via negative value in region offset in crafted RPM files.
Prevent denial of service (crash) and possible arbitrary code execution via an invalid region tag in RPM files.
We recommend that you upgrade your rpm packages.
For Debian 6 Squeeze, these issues have been fixed in rpm version 4.8.1-6+squeeze2.