CVE-2012-0060
CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0451.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0531.htmlhttp://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29http://rpm.org/wiki/Releases/4.9.1.3https://bugzilla.redhat.com/show_bug.cgi?id=744858http://secunia.com/advisories/48651http://secunia.com/advisories/48716http://secunia.com/advisories/49110