Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in RPM.
Software Description:
- rpm: package manager for RPM
Details:
Florian Weimer discovered that RPM incorrectly handled temporary files. A
local attacker could use this issue to execute arbitrary code.
(CVE-2013-6435)
Florian Weimer discovered that RPM incorrectly handled certain CPIO
headers. If a user or automated system were tricked into installing a
malicious package file, a remote attacker could use this issue to cause RPM
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2014-8118)
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: rpm 4.11.2-3ubuntu0.1 Ubuntu 14.04 LTS: rpm 4.11.1-3ubuntu0.1 Ubuntu 12.04 LTS: rpm 4.9.1.1-1ubuntu0.3 In general, a standard system update will make all the necessary changes.
CVE-2013-6435, CVE-2014-8118
Get the latest Linux and open source security news straight to your inbox.