news 28 Posted January 28, 2015 Package : rpm Version : 4.8.1-6+squeeze2 CVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435 CVE-2014-8118 Several vulnerabilities have been fixed in rpm: CVE-2014-8118 Fix integer overflow which allowed remote attackers to execute arbitrary code. CVE-2013-6435 Prevent remote attackers from executing arbitrary code via crafted RPM files. CVE-2012-0815 Fix denial of service and possible code execution via negative value in region offset in crafted RPM files. CVE-2012-0060 and CVE-2012-0061 Prevent denial of service (crash) and possibly execute arbitrary code execution via an invalid region tag in RPM files. We recommend that you upgrade your rpm packages. Share this post Link to post