CVE-2012-0060

Name of the Vulnerable Software and Affected Versions RPM versions prior to 4.9.1.3

Description The issue is related to the improper validation of region tags in RPM, which can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. This can be achieved by sending an invalid region tag in a package header to specific functions, including the headerLoad, rpmReadSignature, or headerVerify function. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 4.9.1.3, update to version 4.9.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the headerLoad, rpmReadSignature, and headerVerify functions until a patch is available. Avoid using invalid region tags in package headers to minimize the risk of exploitation.