CVE-2012-0060
Publication date 3 April 2012
Last updated 24 July 2024
Ubuntu priority
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
Status
Package | Ubuntu Release | Status |
---|---|---|
rpm | 12.10 quantal |
Not affected
|
12.04 LTS precise |
Fixed 4.9.1.1-1ubuntu0.1
|
|
11.10 oneiric |
Fixed 4.9.0-7ubuntu0.1
|
|
11.04 natty | Ignored end of life | |
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Fixed 4.7.2-1lubuntu0.1
|
|
8.04 LTS hardy | Ignored end of life |
Patch details
Package | Patch details |
---|---|
rpm |
References
Related Ubuntu Security Notices (USN)
- USN-1695-1
- RPM vulnerabilities
- 17 January 2013