Information on source package rpm

Available versions

ReleaseVersion
stretch4.12.0.2+dfsg1-2
buster4.14.2.1+dfsg1-1
bullseye4.16.1.2+dfsg1-3
bookworm4.17.0+dfsg1-4
sid4.17.0+dfsg1-4

Open issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2021-35939vulnerable (no DSA)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerablechecks for unsafe symlinks are not performed for intermediary directories
CVE-2021-35938vulnerable (no DSA)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableraces with chown/chmod/capabilities calls during installation
CVE-2021-35937vulnerable (no DSA)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableTOCTOU race in checks for unsafe symlinks
CVE-2021-20271vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedA flaw was found in RPM's signature check functionality when reading a ...
CVE-2021-20266vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedA flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...
CVE-2021-3521vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerable
CVE-2021-3421vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedA flaw was found in the RPM package in the read functionality. This fl ...

Open unimportant issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2017-7501vulnerablevulnerablevulnerablevulnerablevulnerableIt was found that versions of rpm before 4.13.0.2 use temporary files ...
CVE-2017-7500vulnerablevulnerablevulnerablevulnerablevulnerableIt was found that rpm did not properly handle RPM installations when a ...
CVE-2010-2199vulnerablevulnerablevulnerablevulnerablevulnerablelib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...
CVE-2010-2198vulnerablevulnerablevulnerablevulnerablevulnerablelib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...

Resolved issues

BugDescription
CVE-2014-8118Integer overflow in RPM 4.12 and earlier allows remote attackers to ex ...
CVE-2013-6435Race condition in RPM 4.11.1 and earlier allows remote attackers to ex ...
CVE-2012-6088The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 d ...
CVE-2012-0815The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...
CVE-2012-0061The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...
CVE-2012-0060RPM before 4.9.1.3 does not properly validate region tags, which allow ...
CVE-2011-3378RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ...
CVE-2010-2197rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ...
CVE-2010-2059lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and R ...
CVE-2006-5466Heap-based buffer overflow in the showQueryPackage function in librpm ...
CVE-2005-4889lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...
CVE-2005-2096zlib 1.2 and later versions allows remote attackers to cause a denial ...

Security announcements

DSA / DLADescription
DLA-140-1rpm - security update
DSA-3129-1rpm - security update
Search for package or bug name: Reporting problems