Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200611-08] RPM: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
RPM: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200611-08
(RPM: Buffer overflow)
Vladimir Mosgalin has reported that when processing certain packages,
RPM incorrectly allocates memory for the packages, possibly causing a
heap-based buffer overflow.
An attacker could entice a user to open a specially crafted RPM package
and execute code with the rights of that user if certain locales
There is no known workaround at this time.
All RPM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rpm-4.4.6-r3"
Threat Level: Medium