[Frugalware-darcs] homepage-ng: FSA56-rpm

voroskoi voroskoi at frugalware.org
Fri Nov 24 00:31:04 CET 2006


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20061123232540-dd049-346c8874abd22eb8aa8c89c67507fa92f2b3aadc.gz;

[FSA56-rpm
voroskoi <voroskoi at frugalware.org>**20061123232540] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>56</id>
+		<date>2006-11-24</date>
+		<author>voroskoi</author>
+		<package>rpm</package>
+		<vulnerable>4.4.2-4</vulnerable>
+		<unaffected>4.4.2-5siwenna1</unaffected>
+		<bts>http://bugs.frugalware.org/task/1426</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466</cve>
+		<desc>A vulnerability has been reported in RPM, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
+			The vulnerability is caused due to a boundary error when processing certain RPM packages. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into querying a specially crafted RPM package.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list