Lucene search
DebianDEBIAN:DLA-140-1:1E890HistoryJan 28, 2015 - 6:07 p.m.
[SECURITY] [DLA 140-1] rpm security update
2015-01-2818:07:09
lists.debian.org
10
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.1 High
AI Score
Confidence
High
0.368 Low
EPSS
Percentile
97.2%
Package : rpm
Version : 4.8.1-6+squeeze2
CVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435
CVE-2014-8118
Several vulnerabilities have been fixed in rpm:
CVE-2014-8118
Fix integer overflow which allowed remote attackers to execute arbitrary
code.
CVE-2013-6435
Prevent remote attackers from executing arbitrary code via crafted
RPM files.
CVE-2012-0815
Fix denial of service and possible code execution via negative value in
region offset in crafted RPM files.
CVE-2012-0060 and CVE-2012-0061
Prevent denial of service (crash) and possibly execute arbitrary code
execution via an invalid region tag in RPM files.
We recommend that you upgrade your rpm packages.
Attachment:
signature.asc
Description: This is a digitally signed message part.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | kfreebsd-i386 | librpm-dev | < 4.10.0-5+deb7u2 | librpm-dev_4.10.0-5+deb7u2_kfreebsd-i386.deb |
| Debian | 7 | mipsel | rpm | < 4.10.0-5+deb7u2 | rpm_4.10.0-5+deb7u2_mipsel.deb |
| Debian | 6 | amd64 | librpmbuild1 | < 4.8.1-6+squeeze2 | librpmbuild1_4.8.1-6+squeeze2_amd64.deb |
| Debian | 7 | kfreebsd-amd64 | librpm-dev | < 4.10.0-5+deb7u2 | librpm-dev_4.10.0-5+deb7u2_kfreebsd-amd64.deb |
| Debian | 6 | amd64 | librpm-dev | < 4.8.1-6+squeeze2 | librpm-dev_4.8.1-6+squeeze2_amd64.deb |
| Debian | 7 | kfreebsd-i386 | librpmio3 | < 4.10.0-5+deb7u2 | librpmio3_4.10.0-5+deb7u2_kfreebsd-i386.deb |
| Debian | 7 | armhf | rpm2cpio | < 4.10.0-5+deb7u2 | rpm2cpio_4.10.0-5+deb7u2_armhf.deb |
| Debian | 7 | sparc | librpm-dev | < 4.10.0-5+deb7u2 | librpm-dev_4.10.0-5+deb7u2_sparc.deb |
| Debian | 7 | kfreebsd-amd64 | librpmbuild3 | < 4.10.0-5+deb7u2 | librpmbuild3_4.10.0-5+deb7u2_kfreebsd-amd64.deb |
| Debian | 7 | s390 | librpmbuild3 | < 4.10.0-5+deb7u2 | librpmbuild3_4.10.0-5+deb7u2_s390.deb |
Related
nessus
nessus
Debian DLA-140-1 : rpm security update
2015-03-26 00:00:00
Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)
2012-04-12 00:00:00
OracleVM 3.2 : rpm (OVMSA-2016-0077)
2016-06-22 00:00:00
osv
osv
rpm - security update
2015-01-28 00:00:00
rpm - security update
2015-01-15 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-140-1)
2023-03-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-61)
2015-09-08 00:00:00
Fedora Update for rpm FEDORA-2012-5421
2012-04-23 00:00:00
redhat
redhat
(RHSA-2012:0451) Important: rpm security update
2012-04-03 00:00:00
(RHSA-2014:1976) Important: rpm security update
2014-12-09 00:00:00
(RHSA-2014:1975) Important: rpm security update
2014-12-09 00:00:00
oraclelinux
oraclelinux
rpm security update
2012-04-03 00:00:00
rpm security update
2014-12-09 00:00:00
rpm security update
2014-12-09 00:00:00
centos
centos
popt, rpm security update
2012-04-03 17:07:58
rpm security update
2014-12-10 12:49:42
popt, rpm security update
2014-12-09 20:01:37
amazon
amazon
Important: rpm
2012-04-05 12:49:00
Important: rpm
2014-12-09 07:34:00
fedora
fedora
[SECURITY] Fedora 17 Update: rpm-4.9.1.3-1.fc17
2012-04-12 03:27:10
[SECURITY] Fedora 16 Update: rpm-4.9.1.3-1.fc16
2012-04-22 03:42:55
[SECURITY] Fedora 20 Update: rpm-4.11.3-2.fc20
2014-12-29 09:57:18
ubuntu
ubuntu
RPM vulnerabilities
2015-01-19 00:00:00
RPM vulnerabilities
2013-01-17 00:00:00
ibm
ibm
suse
suse
Security update for rpm (important)
2015-01-22 18:04:56
Security update for popt (important)
2014-12-24 08:05:00
securityvulns
securityvulns
[ MDVSA-2014:251 ] rpm
2014-12-22 00:00:00
RPM security vulnerabilities
2014-12-22 00:00:00
debian
debian
[SECURITY] [DSA 3129-1] rpm security update
2015-01-15 21:20:35
mageia
mageia
Updated rpm packages fix security vulnerabilities
2014-12-14 17:10:39
gentoo
gentoo
RPM: Multiple vulnerabilities
2018-11-28 00:00:00
RPM: Multiple vulnerabilities
2012-06-24 00:00:00
ubuntucve
ubuntucve
cve
cve
checkpoint_advisories
checkpoint_advisories
RPM Package Manager CPIO Header NameSize Integer Overflow (CVE-2014-8118)
2015-02-16 00:00:00
cvelist
cvelist
prion
prion
Integer overflow
2014-12-16 18:59:00
Hardcoded credentials
2012-06-04 20:55:00
Race condition
2014-12-16 18:59:00
nvd
nvd
f5
f5
K16383 : Linux RPM vulnerability CVE-2013-6435
2015-09-11 00:00:00
SOL16383 - Linux RPM vulnerability CVE-2013-6435
2015-04-09 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:10:31
Remote Code Execution (RCE)
2019-01-15 09:03:22
Arbitrary Code Execution
2020-04-10 01:10:31
debiancve
debiancve
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.1 High
AI Score
Confidence
High
0.368 Low
EPSS
Percentile
97.2%
Related for DEBIAN:DLA-140-1:1E890