CVE-2012-0061
CVE-2012-0061
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0451.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0531.htmlhttp://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86bhttp://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6http://rpm.org/wiki/Releases/4.9.1.3https://bugzilla.redhat.com/show_bug.cgi?id=798585http://secunia.com/advisories/48651http://secunia.com/advisories/48716http://secunia.com/advisories/49110