Package : rpm Version : 4.8.1-6+squeeze2 CVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435 CVE-2014-8118 Several vulnerabilities have been fixed in rpm: CVE-2014-8118 Fix integer overflow which allowed remote attackers to execute arbitrary code. CVE-2013-6435 Prevent remote attackers from executing arbitrary code via crafted RPM files. CVE-2012-0815 Fix denial of service and possible code execution via negative value in region offset in crafted RPM files. CVE-2012-0060 and CVE-2012-0061 Prevent denial of service (crash) and possibly execute arbitrary code execution via an invalid region tag in RPM files. We recommend that you upgrade your rpm packages.
Attachment:
signature.asc
Description: This is a digitally signed message part.