[SECURITY] [DLA 140-1] rpm security update

Package        : rpm
Version        : 4.8.1-6+squeeze2
CVE ID         : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435

Several vulnerabilities have been fixed in rpm:


    Fix integer overflow which allowed remote attackers to execute arbitrary


    Prevent remote attackers from executing arbitrary code via crafted
    RPM files.


    Fix denial of service and possible code execution via negative value in
    region offset in crafted RPM files.

CVE-2012-0060 and CVE-2012-0061

    Prevent denial of service (crash) and possible arbitrary code
    execution via an invalid region tag in RPM files.

We recommend that you upgrade your rpm packages.
