Test ID:	1.3.6.1.4.1.25623.1.0.71552
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201206-26 (RPM)
Summary:	The remote host is missing updates announced in;advisory GLSA 201206-26.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201206-26. Vulnerability Insight: Multiple vulnerabilities have been found in RPM, possibly allowing local attackers to gain elevated privileges or remote attackers to execute arbitrary code. Solution: All RPM users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-arch/rpm-4.9.1.3' CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2059 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. http://www.securityfocus.com/archive/1/516909/100/0/threaded 40028 http://secunia.com/advisories/40028 65143 http://www.osvdb.org/65143 ADV-2011-0606 http://www.vupen.com/english/advisories/2011/0606 MDVSA-2010:180 http://www.mandriva.com/security/advisories?name=MDVSA-2010:180 RHSA-2010:0679 http://www.redhat.com/support/errata/RHSA-2010-0679.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/02/2 [oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/02/3 [oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://marc.info/?l=oss-security&m=127559059928131&w=2 http://www.openwall.com/lists/oss-security/2010/06/03/5 [oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/04/1 [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383 http://www.vmware.com/security/advisories/VMSA-2011-0004.html https://bugzilla.redhat.com/show_bug.cgi?id=125517 https://bugzilla.redhat.com/show_bug.cgi?id=598775 Common Vulnerability Exposure (CVE) ID: CVE-2010-2197 XForce ISS Database: rpm-rpmbuild-weak-security(59423) https://exchange.xforce.ibmcloud.com/vulnerabilities/59423 Common Vulnerability Exposure (CVE) ID: CVE-2010-2198 http://www.osvdb.org/65144 Common Vulnerability Exposure (CVE) ID: CVE-2010-2199 XForce ISS Database: rpm-fsm-security-bypass(59416) https://exchange.xforce.ibmcloud.com/vulnerabilities/59416 Common Vulnerability Exposure (CVE) ID: CVE-2011-3378 MDVSA-2011:143 http://www.mandriva.com/security/advisories?name=MDVSA-2011:143 RHSA-2011:1349 http://www.redhat.com/support/errata/RHSA-2011-1349.html SUSE-SU-2011:1140 http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html USN-1695-1 http://www.ubuntu.com/usn/USN-1695-1 [oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification http://www.openwall.com/lists/oss-security/2011/09/27/3 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656 http://rpm.org/wiki/Releases/4.9.1.2#Security https://bugzilla.redhat.com/show_bug.cgi?id=741606 https://bugzilla.redhat.com/show_bug.cgi?id=741612 openSUSE-SU-2011:1203 http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2012-0060 BugTraq ID: 52865 http://www.securityfocus.com/bid/52865 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:056 https://bugzilla.redhat.com/show_bug.cgi?id=744858 http://www.osvdb.org/81010 RedHat Security Advisories: RHSA-2012:0451 http://rhn.redhat.com/errata/RHSA-2012-0451.html RedHat Security Advisories: RHSA-2012:0531 http://rhn.redhat.com/errata/RHSA-2012-0531.html http://www.securitytracker.com/id?1026882 http://secunia.com/advisories/48651 http://secunia.com/advisories/48716 http://secunia.com/advisories/49110 SuSE Security Announcement: openSUSE-SU-2012:0588 (Google Search) https://hermes.opensuse.org/messages/14440932 SuSE Security Announcement: openSUSE-SU-2012:0589 (Google Search) https://hermes.opensuse.org/messages/14441362 XForce ISS Database: rpm-loadsigverify-code-execution(74582) https://exchange.xforce.ibmcloud.com/vulnerabilities/74582 Common Vulnerability Exposure (CVE) ID: CVE-2012-0061 https://bugzilla.redhat.com/show_bug.cgi?id=798585 XForce ISS Database: rpm-headerload-code-execution(74583) https://exchange.xforce.ibmcloud.com/vulnerabilities/74583 Common Vulnerability Exposure (CVE) ID: CVE-2012-0815 https://bugzilla.redhat.com/show_bug.cgi?id=744104 http://www.osvdb.org/81009 XForce ISS Database: rpm-headerverifyinfo-code-execution(74581) https://exchange.xforce.ibmcloud.com/vulnerabilities/74581
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.