oss-sec mailing list archives
Re: Two rpm flaws
From: Yves-Alexis Perez <corsac () debian org>
Date: Tue, 09 Dec 2014 15:04:12 +0100
On Tue, 2014-12-09 at 18:32 +0530, Huzaifa Sidhpurwala wrote:
> CVE-2014-8118:
> It was found that RPM could encounter an integer overflow, leading to a
> stack-based overflow, while parsing a crafted CPIO header in the payload
> section of an RPM file. This could allow an attacker to modify signed RPM
> files in such a way that they would execute code chosen by the attacker
> during package installation.
>
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=1168715

Do you know if the other CPIO implementations/parsers are affected by this?

Regards,
--
Yves-Alexis
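
For anyone checking their own CPIO parser against the bug class quoted above, here is an added example (not code from rpm or from this thread) that range-checks an untrusted length field before it sizes a copy. The thread does not say which header field overflowed; the newc format's `c_namesize` field, the `MAX_NAME` cap, the function name `cpio_entry_name` and the sample headers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NEWC_HDR_LEN 110   /* 6-byte magic + 13 fields of 8 hex digits */
#define MAX_NAME     4096  /* assumed cap on c_namesize (includes the NUL) */
#define Z8 "00000000"
/* Constructed samples: entry "hello", then the same with c_namesize=0xFFFFFFFF. */
static const unsigned char SAMPLE_OK[] =
    "070701" Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 "00000006" Z8 "hello";
static const unsigned char SAMPLE_BAD[] =
    "070701" Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 Z8 "FFFFFFFF" Z8 "hello";

/* Decode one 8-digit hex field; returns -1 on any non-hex byte. */
static int hex8(const unsigned char *p, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < 8; i++) {
        unsigned c = p[i], d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;
        v = (v << 4) | d;
    }
    *out = v;
    return 0;
}

/* Copy the entry name into name[cap]; returns its length or -1 if rejected. */
long cpio_entry_name(const unsigned char *buf, size_t len, char *name, size_t cap)
{
    uint32_t namesize;
    if (len < NEWC_HDR_LEN || memcmp(buf, "070701", 6) != 0) return -1;
    if (hex8(buf + 94, &namesize) != 0) return -1;   /* c_namesize at offset 6 + 11*8 */
    /* Range-check the untrusted size before any arithmetic or copy uses it. */
    if (namesize == 0 || namesize > MAX_NAME || namesize > cap) return -1;
    if (namesize > len - NEWC_HDR_LEN) return -1;     /* name must lie inside the input */
    if (buf[NEWC_HDR_LEN + namesize - 1] != '\0') return -1;  /* must be NUL-terminated */
    memcpy(name, buf + NEWC_HDR_LEN, namesize);
    return (long)namesize - 1;
}

int main(void)
{
    char name[64];
    long ok = cpio_entry_name(SAMPLE_OK, sizeof SAMPLE_OK, name, sizeof name);
    long bad = cpio_entry_name(SAMPLE_BAD, sizeof SAMPLE_BAD, name, sizeof name);
    printf("ok=%ld (%s) bad=%ld\n", ok, ok >= 0 ? name : "-", bad);
    return 0;
}
```

The order of the checks matters: the field is bounded first, so the later comparison against the remaining input and the index used for the NUL check cannot wrap.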