10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.1 High
AI Score
Confidence
High
0.368 Low
EPSS
Percentile
97.2%
Package : rpm
Version : 4.8.1-6+squeeze2
CVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435
CVE-2014-8118
Several vulnerabilities have been fixed in rpm:
CVE-2014-8118
Fix integer overflow which allowed remote attackers to execute arbitrary
code.
CVE-2013-6435
Prevent remote attackers from executing arbitrary code via crafted
RPM files.
CVE-2012-0815
Fix denial of service and possible code execution via negative value in
region offset in crafted RPM files.
CVE-2012-0060 and CVE-2012-0061
Prevent denial of service (crash) and possibly execute arbitrary code
execution via an invalid region tag in RPM files.
We recommend that you upgrade your rpm packages.
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | kfreebsd-i386 | librpm-dev | < 4.10.0-5+deb7u2 | librpm-dev_4.10.0-5+deb7u2_kfreebsd-i386.deb |
Debian | 7 | mipsel | rpm | < 4.10.0-5+deb7u2 | rpm_4.10.0-5+deb7u2_mipsel.deb |
Debian | 6 | amd64 | librpmbuild1 | < 4.8.1-6+squeeze2 | librpmbuild1_4.8.1-6+squeeze2_amd64.deb |
Debian | 7 | kfreebsd-amd64 | librpm-dev | < 4.10.0-5+deb7u2 | librpm-dev_4.10.0-5+deb7u2_kfreebsd-amd64.deb |
Debian | 6 | amd64 | librpm-dev | < 4.8.1-6+squeeze2 | librpm-dev_4.8.1-6+squeeze2_amd64.deb |
Debian | 7 | kfreebsd-i386 | librpmio3 | < 4.10.0-5+deb7u2 | librpmio3_4.10.0-5+deb7u2_kfreebsd-i386.deb |
Debian | 7 | armhf | rpm2cpio | < 4.10.0-5+deb7u2 | rpm2cpio_4.10.0-5+deb7u2_armhf.deb |
Debian | 7 | sparc | librpm-dev | < 4.10.0-5+deb7u2 | librpm-dev_4.10.0-5+deb7u2_sparc.deb |
Debian | 7 | kfreebsd-amd64 | librpmbuild3 | < 4.10.0-5+deb7u2 | librpmbuild3_4.10.0-5+deb7u2_kfreebsd-amd64.deb |
Debian | 7 | s390 | librpmbuild3 | < 4.10.0-5+deb7u2 | librpmbuild3_4.10.0-5+deb7u2_s390.deb |