CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
rpm is vulnerable to arbitrary code execution. An attacker could create a specially crafted RPM package that, when its package header is accessed or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code.
lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
rhn.redhat.com/errata/RHSA-2012-0451.html
rhn.redhat.com/errata/RHSA-2012-0531.html
rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29
rpm.org/wiki/Releases/4.9.1.3
secunia.com/advisories/48651
secunia.com/advisories/48716
secunia.com/advisories/49110
www.mandriva.com/security/advisories?name=MDVSA-2012:056
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.osvdb.org/81010
www.securityfocus.com/bid/52865
www.securitytracker.com/id?1026882
www.ubuntu.com/usn/USN-1695-1
access.redhat.com/errata/RHSA-2012:0451
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=744858
exchange.xforce.ibmcloud.com/vulnerabilities/74582
hermes.opensuse.org/messages/14440932
hermes.opensuse.org/messages/14441362