Rpm · Rpm Package Manager · CVE-2006-5466
Name of the Vulnerable Software and Affected Versions:
RPM Package Manager versions prior to 4.4.8
RPM Package Manager version 4.4.6-r3 and earlier
Description:
The issue is related to a heap-based buffer overflow in the showQueryPackage function in librpm, which can be triggered when the LANG environment variable is set to ru RU.UTF-8. This might allow attackers to execute arbitrary code via crafted RPM packages. The vulnerability can be exploited remotely and may lead to disruption of protected information.
Recommendations:
For RPM Package Manager versions prior to 4.4.8, update to version 4.4.8 or later to resolve the issue.
For RPM Package Manager version 4.4.6-r3 and earlier, update to a version later than 4.4.6-r3 to mitigate the risk.
As a temporary workaround, consider restricting the use of crafted RPM packages until a patch is available.