CVE-2012-0815 - The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause

CVE-2012-0815

Summary

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

References

Vulnerable Configurations

cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.0:-:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.9.1.2:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 18-01-2018 - 02:29)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	798585
title	CVE-2012-0061 rpm: improper validation of header contents total size in headerLoad()

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment rpm is earlier than 0:4.8.0-19.el6_2.1
oval oval:com.redhat.rhsa:tst:20120451001
comment rpm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111349030
AND
comment rpm-apidocs is earlier than 0:4.8.0-19.el6_2.1
oval oval:com.redhat.rhsa:tst:20120451003
comment rpm-apidocs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111349032
AND
comment rpm-build is earlier than 0:4.8.0-19.el6_2.1
oval oval:com.redhat.rhsa:tst:20120451005
comment rpm-build is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111349034
AND
comment rpm-cron is earlier than 0:4.8.0-19.el6_2.1
oval oval:com.redhat.rhsa:tst:20120451007
comment rpm-cron is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111349036
AND
comment rpm-devel is earlier than 0:4.8.0-19.el6_2.1
oval oval:com.redhat.rhsa:tst:20120451009
comment rpm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111349038
AND
comment rpm-libs is earlier than 0:4.8.0-19.el6_2.1
oval oval:com.redhat.rhsa:tst:20120451011
comment rpm-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111349040
AND
comment rpm-python is earlier than 0:4.8.0-19.el6_2.1
oval oval:com.redhat.rhsa:tst:20120451013
comment rpm-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111349042

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment popt is earlier than 0:1.10.2.3-28.el5_8
oval oval:com.redhat.rhsa:tst:20120451016
comment popt is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100679002
AND
comment rpm is earlier than 0:4.4.2.3-28.el5_8
oval oval:com.redhat.rhsa:tst:20120451018
comment rpm is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100679004
AND
comment rpm-apidocs is earlier than 0:4.4.2.3-28.el5_8
oval oval:com.redhat.rhsa:tst:20120451020
comment rpm-apidocs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100679006
AND
comment rpm-build is earlier than 0:4.4.2.3-28.el5_8
oval oval:com.redhat.rhsa:tst:20120451022
comment rpm-build is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100679008
AND
comment rpm-devel is earlier than 0:4.4.2.3-28.el5_8
oval oval:com.redhat.rhsa:tst:20120451024
comment rpm-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100679010
AND
comment rpm-libs is earlier than 0:4.4.2.3-28.el5_8
oval oval:com.redhat.rhsa:tst:20120451026
comment rpm-libs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100679012
AND
comment rpm-python is earlier than 0:4.4.2.3-28.el5_8
oval oval:com.redhat.rhsa:tst:20120451028
comment rpm-python is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100679014

rhsa

id	RHSA-2012:0451
released	2012-04-03
severity	Important
title	RHSA-2012:0451: rpm security update (Important)

rhsa
id RHSA-2012:0531

rpms

popt-0:1.10.2.3-22.el5_6.3
popt-0:1.10.2.3-28.el5_8
popt-0:1.10.2.3-9.el5_3.3
popt-0:1.8.2-36_nonptl
popt-0:1.9.1-36_nonptl.el4
rpm-0:4.2.3-36_nonptl
rpm-0:4.3.3-36_nonptl.el4
rpm-0:4.4.2.3-22.el5_6.3
rpm-0:4.4.2.3-28.el5_8
rpm-0:4.4.2.3-9.el5_3.3
rpm-0:4.8.0-12.el6_0.2
rpm-0:4.8.0-16.el6_1.2
rpm-0:4.8.0-19.el6_2.1
rpm-apidocs-0:4.4.2.3-22.el5_6.3
rpm-apidocs-0:4.4.2.3-28.el5_8
rpm-apidocs-0:4.4.2.3-9.el5_3.3
rpm-apidocs-0:4.8.0-12.el6_0.2
rpm-apidocs-0:4.8.0-16.el6_1.2
rpm-apidocs-0:4.8.0-19.el6_2.1
rpm-build-0:4.2.3-36_nonptl
rpm-build-0:4.3.3-36_nonptl.el4
rpm-build-0:4.4.2.3-22.el5_6.3
rpm-build-0:4.4.2.3-28.el5_8
rpm-build-0:4.4.2.3-9.el5_3.3
rpm-build-0:4.8.0-12.el6_0.2
rpm-build-0:4.8.0-16.el6_1.2
rpm-build-0:4.8.0-19.el6_2.1
rpm-cron-0:4.8.0-12.el6_0.2
rpm-cron-0:4.8.0-16.el6_1.2
rpm-cron-0:4.8.0-19.el6_2.1
rpm-debuginfo-0:4.2.3-36_nonptl
rpm-debuginfo-0:4.3.3-36_nonptl.el4
rpm-debuginfo-0:4.4.2.3-22.el5_6.3
rpm-debuginfo-0:4.4.2.3-28.el5_8
rpm-debuginfo-0:4.4.2.3-9.el5_3.3
rpm-debuginfo-0:4.8.0-12.el6_0.2
rpm-debuginfo-0:4.8.0-16.el6_1.2
rpm-debuginfo-0:4.8.0-19.el6_2.1
rpm-devel-0:4.2.3-36_nonptl
rpm-devel-0:4.3.3-36_nonptl.el4
rpm-devel-0:4.4.2.3-22.el5_6.3
rpm-devel-0:4.4.2.3-28.el5_8
rpm-devel-0:4.4.2.3-9.el5_3.3
rpm-devel-0:4.8.0-12.el6_0.2
rpm-devel-0:4.8.0-16.el6_1.2
rpm-devel-0:4.8.0-19.el6_2.1
rpm-libs-0:4.2.3-36_nonptl
rpm-libs-0:4.3.3-36_nonptl.el4
rpm-libs-0:4.4.2.3-22.el5_6.3
rpm-libs-0:4.4.2.3-28.el5_8
rpm-libs-0:4.4.2.3-9.el5_3.3
rpm-libs-0:4.8.0-12.el6_0.2
rpm-libs-0:4.8.0-16.el6_1.2
rpm-libs-0:4.8.0-19.el6_2.1
rpm-python-0:4.2.3-36_nonptl
rpm-python-0:4.3.3-36_nonptl.el4
rpm-python-0:4.4.2.3-22.el5_6.3
rpm-python-0:4.4.2.3-28.el5_8
rpm-python-0:4.4.2.3-9.el5_3.3
rpm-python-0:4.8.0-12.el6_0.2
rpm-python-0:4.8.0-16.el6_1.2
rpm-python-0:4.8.0-19.el6_2.1

refmap via4

bid	52865
confirm	http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 http://rpm.org/wiki/Releases/4.9.1.3 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
fedora	FEDORA-2012-5298 FEDORA-2012-5420 FEDORA-2012-5421
mandriva	MDVSA-2012:056
misc	https://bugzilla.redhat.com/show_bug.cgi?id=744104
osvdb	81009
sectrack	1026882
secunia	48651 48716 49110
suse	openSUSE-SU-2012:0588 openSUSE-SU-2012:0589
ubuntu	USN-1695-1
xf	rpm-headerverifyinfo-code-execution(74581)

Last major update

18-01-2018 - 02:29

Published

04-06-2012 - 20:55

Last modified

18-01-2018 - 02:29