
[SECURITY] [DLA 140-1] rpm security update



Package        : rpm
Version        : 4.8.1-6+squeeze2
CVE ID         : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435
                 CVE-2014-8118

Several vulnerabilities have been fixed in rpm:

CVE-2014-8118

    Fix integer overflow which allowed remote attackers to execute arbitrary
    code.

CVE-2013-6435

    Prevent remote attackers from executing arbitrary code via crafted
    RPM files.

CVE-2012-0815

    Fix denial of service and possible code execution via a negative value
    in the region offset in crafted RPM files.

CVE-2012-0060 and CVE-2012-0061

    Prevent denial of service (crash) and possible arbitrary code execution
    via an invalid region tag in RPM files.

We recommend that you upgrade your rpm packages.
