CVSS2: 7.6 High (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.091 Low
Percentile: 94.6%
Package : rpm
Version : 4.8.1-6+squeeze2
CVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435 CVE-2014-8118
Several vulnerabilities have been fixed in rpm:
CVE-2014-8118
Fix integer overflow which allowed remote attackers to execute arbitrary
code.
CVE-2013-6435
Prevent remote attackers from executing arbitrary code via crafted
RPM files.
CVE-2012-0815
Fix denial of service and possible code execution via a negative value in
the region offset in crafted RPM files.
CVE-2012-0060 and CVE-2012-0061
Prevent denial of service (crash) and possible arbitrary code
execution via an invalid region tag in RPM files.
We recommend that you upgrade your rpm packages.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | librpm-dev | < 4.8.1-6+squeeze2 | librpm-dev_4.8.1-6+squeeze2_amd64.deb |
Debian | 7 | i386 | librpm-dbg | < 4.10.0-5+deb7u2 | librpm-dbg_4.10.0-5+deb7u2_i386.deb |
Debian | 7 | mips | librpm3 | < 4.10.0-5+deb7u2 | librpm3_4.10.0-5+deb7u2_mips.deb |
Debian | 7 | kfreebsd-i386 | python-rpm | < 4.10.0-5+deb7u2 | python-rpm_4.10.0-5+deb7u2_kfreebsd-i386.deb |
Debian | 7 | sparc | librpm-dbg | < 4.10.0-5+deb7u2 | librpm-dbg_4.10.0-5+deb7u2_sparc.deb |
Debian | 7 | mipsel | librpmio3 | < 4.10.0-5+deb7u2 | librpmio3_4.10.0-5+deb7u2_mipsel.deb |
Debian | 7 | amd64 | python-rpm | < 4.10.0-5+deb7u2 | python-rpm_4.10.0-5+deb7u2_amd64.deb |
Debian | 7 | kfreebsd-amd64 | librpm3 | < 4.10.0-5+deb7u2 | librpm3_4.10.0-5+deb7u2_kfreebsd-amd64.deb |
Debian | 7 | mips | librpm-dbg | < 4.10.0-5+deb7u2 | librpm-dbg_4.10.0-5+deb7u2_mips.deb |
Debian | 7 | kfreebsd-i386 | librpmbuild3 | < 4.10.0-5+deb7u2 | librpmbuild3_4.10.0-5+deb7u2_kfreebsd-i386.deb |