Lucene search
DebianDEBIAN:DLA-140-1:1E890HistoryJan 28, 2015 - 6:07 p.m.
[SECURITY] [DLA 140-1] rpm security update
2015-01-2818:07:09
lists.debian.org
9
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.091 Low
EPSS
Percentile
94.6%
Package : rpm
Version : 4.8.1-6+squeeze2
CVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435
CVE-2014-8118
Several vulnerabilities have been fixed in rpm:
CVE-2014-8118
Fix integer overflow which allowed remote attackers to execute arbitrary
code.
CVE-2013-6435
Prevent remote attackers from executing arbitrary code via crafted
RPM files.
CVE-2012-0815
Fix denial of service and possible code execution via negative value in
region offset in crafted RPM files.
CVE-2012-0060 and CVE-2012-0061
Prevent denial of service (crash) and possibly execute arbitrary code
execution via an invalid region tag in RPM files.
We recommend that you upgrade your rpm packages.
Attachment:
signature.asc
Description: This is a digitally signed message part.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | amd64 | librpm-dev | < 4.8.1-6+squeeze2 | librpm-dev_4.8.1-6+squeeze2_amd64.deb |
| Debian | 7 | i386 | librpm-dbg | < 4.10.0-5+deb7u2 | librpm-dbg_4.10.0-5+deb7u2_i386.deb |
| Debian | 7 | mips | librpm3 | < 4.10.0-5+deb7u2 | librpm3_4.10.0-5+deb7u2_mips.deb |
| Debian | 7 | kfreebsd-i386 | python-rpm | < 4.10.0-5+deb7u2 | python-rpm_4.10.0-5+deb7u2_kfreebsd-i386.deb |
| Debian | 7 | sparc | librpm-dbg | < 4.10.0-5+deb7u2 | librpm-dbg_4.10.0-5+deb7u2_sparc.deb |
| Debian | 7 | mipsel | librpmio3 | < 4.10.0-5+deb7u2 | librpmio3_4.10.0-5+deb7u2_mipsel.deb |
| Debian | 7 | amd64 | python-rpm | < 4.10.0-5+deb7u2 | python-rpm_4.10.0-5+deb7u2_amd64.deb |
| Debian | 7 | kfreebsd-amd64 | librpm3 | < 4.10.0-5+deb7u2 | librpm3_4.10.0-5+deb7u2_kfreebsd-amd64.deb |
| Debian | 7 | mips | librpm-dbg | < 4.10.0-5+deb7u2 | librpm-dbg_4.10.0-5+deb7u2_mips.deb |
| Debian | 7 | kfreebsd-i386 | librpmbuild3 | < 4.10.0-5+deb7u2 | librpmbuild3_4.10.0-5+deb7u2_kfreebsd-i386.deb |
Related
openvas
openvas
Debian: Security Advisory (DLA-140-1)
2023-03-08 00:00:00
Fedora Update for rpm FEDORA-2012-5421
2012-04-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-61)
2015-09-08 00:00:00
osv
osv
rpm - security update
2015-01-28 00:00:00
rpm - security update
2015-01-15 00:00:00
nessus
nessus
Debian DLA-140-1 : rpm security update
2015-03-26 00:00:00
Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)
2012-04-12 00:00:00
OracleVM 3.2 : rpm (OVMSA-2016-0077)
2016-06-22 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rpm-4.9.1.3-1.fc17
2012-04-12 03:27:10
[SECURITY] Fedora 16 Update: rpm-4.9.1.3-1.fc16
2012-04-22 03:42:55
[SECURITY] Fedora 20 Update: rpm-4.11.3-2.fc20
2014-12-29 09:57:18
amazon
amazon
Important: rpm
2012-04-05 12:49:00
Important: rpm
2014-12-09 07:34:00
redhat
redhat
(RHSA-2012:0451) Important: rpm security update
2012-04-03 00:00:00
(RHSA-2014:1976) Important: rpm security update
2014-12-09 00:00:00
(RHSA-2014:1975) Important: rpm security update
2014-12-09 00:00:00
oraclelinux
oraclelinux
rpm security update
2012-04-03 00:00:00
rpm security update
2014-12-09 00:00:00
rpm security update
2014-12-09 00:00:00
centos
centos
popt, rpm security update
2012-04-03 17:07:58
rpm security update
2014-12-10 12:49:42
popt, rpm security update
2014-12-09 20:01:37
ibm
ibm
Security Bulletin: Vulnerabilities in rpm affect IBM Flex System Manager (FSM): (CVE-2013-6435, CVE-2014-8118)
2019-01-31 01:45:01
Security Bulletin: RPM vulnerability issue on IBM Storwize V7000 Unified (CVE-2013-6435)
2018-06-18 00:09:22
Security Bulletin: RPM vulnerability issue on IBM SONAS (CVE-2013-6435)
2018-06-18 00:09:23
ubuntu
ubuntu
RPM vulnerabilities
2015-01-19 00:00:00
RPM vulnerabilities
2013-01-17 00:00:00
suse
suse
Security update for rpm (important)
2015-01-22 18:04:56
Security update for popt (important)
2014-12-24 08:05:00
mageia
mageia
Updated rpm packages fix security vulnerabilities
2014-12-14 17:10:39
securityvulns
securityvulns
[ MDVSA-2014:251 ] rpm
2014-12-22 00:00:00
RPM security vulnerabilities
2014-12-22 00:00:00
debian
debian
[SECURITY] [DSA 3129-1] rpm security update
2015-01-15 21:20:35
gentoo
gentoo
RPM: Multiple vulnerabilities
2018-11-28 00:00:00
RPM: Multiple vulnerabilities
2012-06-24 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
checkpoint_advisories
checkpoint_advisories
RPM Package Manager CPIO Header NameSize Integer Overflow (CVE-2014-8118)
2015-02-16 00:00:00
cve
cve
prion
prion
Integer overflow
2014-12-16 18:59:00
Race condition
2014-12-16 18:59:00
Design/Logic Flaw
2012-06-04 20:55:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:03:22
Arbitrary Code Execution
2020-04-10 01:10:31
Arbitrary Code Execution
2020-04-10 01:10:31
f5
f5
K16383 : Linux RPM vulnerability CVE-2013-6435
2015-09-11 00:00:00
SOL16383 - Linux RPM vulnerability CVE-2013-6435
2015-04-09 00:00:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.091 Low
EPSS
Percentile
94.6%
Related for DEBIAN:DLA-140-1:1E890