Multiple vulnerabilities have been found in RPM, possibly allowing
local attackers to gain elevated privileges or remote attackers to execute
arbitrary code.
Background
The Red Hat Package Manager (RPM) is a command line driven package
management system capable of installing, uninstalling, verifying,
querying, and updating computer software packages.
fsm.c fails to properly strip setuid and setgid bits from executable
files during a package upgrade (CVE-2010-2059).
RPM does not properly parse spec files (CVE-2010-2197).
fsm.c fails to properly strip POSIX file capabilities from executable
files during a package upgrade or removal (CVE-2010-2198).
fsm.c fails to properly strip POSIX ACLs from executable files during
a package upgrade or removal (CVE-2010-2199).
header.c does not properly parse region offsets in package files
(CVE-2011-3378).
RPM does not properly sanitize region tags in package headers
(CVE-2012-0060).
RPM does not properly sanitize region sizes in package headers
(CVE-2012-0061).
RPM does not properly sanitize region offsets in package
headers(CVE-2012-0815).
Impact
A local attacker may be able to gain elevated privileges. Furthermore, a
remote attacker could entice a user to open a specially crafted RPM
package, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All RPM users should upgrade to the latest version:
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.