rpm: two vulnerabilities

Package(s):

rpm

CVE #(s):

Created:

April 27, 2016

Updated:

November 4, 2016

Description:

From the Red Hat bugzilla:

Bug #1316903: Null pointer dereference in rstrdup triggered by crafted RPM file causing minor crash was reported.

Bug #1316896: Out-of-bounds heap read in rpmtdGetNumber triggered by crafted RPM file was found.

Alerts:

Fedora	FEDORA-2016-927aade89c	rpm	2016-05-22
Fedora	FEDORA-2016-c3d9a9c0c4	rpm	2016-04-26