CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
Affected products
n/a · n/a
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
http://rhn.redhat.com/errata/RHSA-2012-0451.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29
http://rpm.org/wiki/Releases/4.9.1.3
https://bugzilla.redhat.com/show_bug.cgi?id=744858
http://secunia.com/advisories/48651
http://secunia.com/advisories/48716
http://secunia.com/advisories/49110