Lucene search
GoogleOSV:DLA-140-1HistoryJan 28, 2015 - 12:00 a.m.
rpm - security update
2015-01-2800:00:00
Google
osv.dev
6
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.384 Low
EPSS
Percentile
96.7%
Several vulnerabilities have been fixed in rpm:
- CVE-2014-8118
Fix integer overflow which allowed remote attackers to execute arbitrary
code. - CVE-2013-6435
Prevent remote attackers from executing arbitrary code via crafted
RPM files. - CVE-2012-0815
Fix denial of service and possible code execution via negative value in
region offset in crafted RPM files. - CVE-2012-0060
and CVE-2012-0061
Prevent denial of service (crash) and possibly execute arbitrary code
execution via an invalid region tag in RPM files.
We recommend that you upgrade your rpm packages.
For Debian 6 Squeeze, these issues have been fixed in rpm version 4.8.1-6+squeeze2
| CPE | Name | Operator | Version |
|---|---|---|---|
| rpm | eq | 4.8.1-6 | |
| rpm | eq | 4.8.1-6+squeeze1 |
References
Related
debian
debian
[SECURITY] [DLA 140-1] rpm security update
2015-01-28 18:07:09
[SECURITY] [DSA 3129-1] rpm security update
2015-01-15 21:20:35
nessus
nessus
Debian DLA-140-1 : rpm security update
2015-03-26 00:00:00
Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)
2012-04-12 00:00:00
openvas
openvas
CentOS Update for popt CESA-2012:0451 centos5
2012-07-30 00:00:00
RedHat Update for rpm RHSA-2012:0451-01
2012-04-05 00:00:00
Fedora Update for rpm FEDORA-2012-5421
2012-04-23 00:00:00
redhat
redhat
(RHSA-2012:0451) Important: rpm security update
2012-04-03 00:00:00
(RHSA-2014:1976) Important: rpm security update
2014-12-09 00:00:00
(RHSA-2014:1975) Important: rpm security update
2014-12-09 00:00:00
oraclelinux
oraclelinux
rpm security update
2012-04-03 00:00:00
rpm security update
2014-12-09 00:00:00
rpm security update
2014-12-09 00:00:00
centos
centos
popt, rpm security update
2012-04-03 17:07:58
rpm security update
2014-12-10 12:49:42
popt, rpm security update
2014-12-09 20:01:37
fedora
fedora
[SECURITY] Fedora 17 Update: rpm-4.9.1.3-1.fc17
2012-04-12 03:27:10
[SECURITY] Fedora 16 Update: rpm-4.9.1.3-1.fc16
2012-04-22 03:42:55
[SECURITY] Fedora 20 Update: rpm-4.11.3-2.fc20
2014-12-29 09:57:18
amazon
amazon
Important: rpm
2012-04-05 12:49:00
Important: rpm
2014-12-09 07:34:00
suse
suse
Security update for rpm (important)
2015-01-22 18:04:56
Security update for popt (important)
2014-12-24 08:05:00
mageia
mageia
Updated rpm packages fix security vulnerabilities
2014-12-14 17:10:39
osv
osv
rpm - security update
2015-01-15 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:251 ] rpm
2014-12-22 00:00:00
RPM security vulnerabilities
2014-12-22 00:00:00
ubuntu
ubuntu
RPM vulnerabilities
2013-01-17 00:00:00
RPM vulnerabilities
2015-01-19 00:00:00
ibm
ibm
gentoo
gentoo
RPM: Multiple vulnerabilities
2018-11-28 00:00:00
RPM: Multiple vulnerabilities
2012-06-24 00:00:00
prion
prion
Integer overflow
2014-12-16 18:59:00
Race condition
2014-12-16 18:59:00
Hardcoded credentials
2012-06-04 20:55:00
ubuntucve
ubuntucve
debiancve
debiancve
checkpoint_advisories
checkpoint_advisories
RPM Package Manager CPIO Header NameSize Integer Overflow (CVE-2014-8118)
2015-02-16 00:00:00
cve
cve
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:03:22
Arbitrary Code Execution
2020-04-10 01:10:31
Arbitrary Code Execution
2020-04-10 01:10:31
f5
f5
K16383 : Linux RPM vulnerability CVE-2013-6435
2015-09-11 00:00:00
SOL16383 - Linux RPM vulnerability CVE-2013-6435
2015-04-09 00:00:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.384 Low
EPSS
Percentile
96.7%
Related for OSV:DLA-140-1