Debian-LTS alert DLA-140-1 (rpm)
| From: | Holger Levsen <holger@layer-acht.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 140-1] rpm security update |
| Date: | Wed, 28 Jan 2015 19:07:09 +0100 |
| Message-ID: | <201501281907.11089.holger@layer-acht.org> |
Package : rpm
Version : 4.8.1-6+squeeze2
CVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435 CVE-2014-8118

Several vulnerabilities have been fixed in rpm:

CVE-2014-8118

    Fix integer overflow which allowed remote attackers to execute arbitrary code.

CVE-2013-6435

    Prevent remote attackers from executing arbitrary code via crafted RPM files.

CVE-2012-0815

    Fix denial of service and possible code execution via negative value in region offset in crafted RPM files.

CVE-2012-0060 and CVE-2012-0061

    Prevent denial of service (crash) and possible arbitrary code execution via an invalid region tag in RPM files.

We recommend that you upgrade your rpm packages.
