[Frugalware-security] [ FSA-56 ] rpm

voroskoi noreply at frugalware.org
Fri Nov 24 00:31:03 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-56

Date: 2006-11-24
Package: rpm
Vulnerable versions: <= 4.4.2-4
Unaffected versions: >= 4.4.2-5siwenna1
Related bugreport: http://bugs.frugalware.org/task/1426
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466

Description
===========

A vulnerability has been reported in RPM, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error when processing certain RPM packages. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into querying a specially crafted RPM package.

Updated Packages
================

Check if you have rpm installed:

	# pacman -Q rpm

If found, then you should upgrade to the latest version:

	# pacman -Sy rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFZi83Z7NElSD1VhkRAvEnAJ9IEC9Tg61yenzDRXhhCwTdKtMdOQCcDE2L
+RWVBUeAVwxP22GTZneyUaQ=
=GJNX
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list