RPM: Multiple vulnerabilities Multiple vulnerabilities have been found in RPM, possibly allowing local attackers to gain elevated privileges or remote attackers to execute arbitrary code. RPM 2012-06-24 2012-06-24: 1 335880 384967 410949 local, remote 4.9.1.3 4.9.1.3

The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.

Multiple vulnerabilities have been found in RPM:

A local attacker may be able to gain elevated privileges. Furthermore, a remote attacker could entice a user to open a specially crafted RPM package, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All RPM users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.9.1.3"
CVE-2010-2059 CVE-2010-2197 CVE-2010-2198 CVE-2010-2199 CVE-2011-3378 CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 underling ackle