Multiple vulnerabilities have been found in RPM, possibly allowing local attackers to gain elevated privileges or remote attackers to execute arbitrary code.
|Package||app-arch/rpm on all architectures|
|Affected versions||< 220.127.116.11|
|Unaffected versions||>= 18.104.22.168|
The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.
Multiple vulnerabilities have been found in RPM:
A local attacker may be able to gain elevated privileges. Furthermore, a remote attacker could entice a user to open a specially crafted RPM package, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All RPM users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/rpm-22.214.171.124"