Vladimir Mosgalin

Name of the Vulnerable Software and Affected Versions: RPM Package Manager versions prior to 4.4.8 RPM Package Manager version 4.4.6-r3 and earlier Description: The issue is related to a heap-based buffer overflow in the showQueryPackage function in librpm, which can be triggered when the LANG environment variable is set to ru RU.UTF-8. This might allow attackers to execute arbitrary code via crafted RPM packages. The vulnerability can be exploited remotely and may lead to disruption of protected information. Recommendations: For RPM Package Manager versions prior to 4.4.8, update to version 4.4.8 or later to resolve the issue. For RPM Package Manager version 4.4.6-r3 and earlier, update to a version later than 4.4.6-r3 to mitigate the risk. As a temporary workaround, consider restricting the use of crafted RPM packages until a patch is available.