Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

rpm vulnerabilities

Related Vulnerabilities: CVE-2013-6435   CVE-2014-8118  

Several security issues were fixed in RPM.

Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435)

Source

19 January 2015

rpm vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in RPM.

Software Description

  • rpm - package manager for RPM

Details

Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435)

Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this issue to cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8118)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
rpm - 4.11.2-3ubuntu0.1
Ubuntu 14.04 LTS
rpm - 4.11.1-3ubuntu0.1
Ubuntu 12.04 LTS
rpm - 4.9.1.1-1ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started