From Secunia security advisory at $URL:
1) A boundary error within the "headerLoad()" function (lib/header.c) when parsing region offsets can be exploited to cause a buffer overflow by tricking a user into e.g. checking signatures of a specially crafted RPM package.
2) An error within the "regionSwab()" function (lib/header.c) when parsing region offsets can be exploited to corrupt memory by tricking a user into e.g. checking signatures of a specially crafted RPM package.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Update to version 4.9.1.3.
RPM 4.4.x through 4.9.x, probably before 4.9.1.3, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions
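The two advisory items above both come down to index-entry and region-trailer offsets being trusted before they are checked against the header's data length. The following is an added example (my own code, not RPM's lib/header.c or the upstream fix) of the bounds checks a header loader needs before dereferencing those offsets. It assumes the documented RPM v3 header layout: 8-byte magic, big-endian entry count (il) and data length (dl), il 16-byte index entries of tag/type/offset/count, then dl bytes of data; a region entry (tag 63, type BIN, count 16) points at a 16-byte trailer whose offset field is negative and spans back over the entries the region covers. The sample header bytes are constructed for the example, and the error codes and helper names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte size per RPM tag type 0..9 (NULL, CHAR, INT8, INT16, INT32, INT64,
 * STRING, BIN, STRING_ARRAY, I18NSTRING); 0 means NUL-terminated strings. */
static const uint32_t rpm_type_size[10] = {0, 1, 1, 2, 4, 8, 0, 1, 0, 0};
enum { RPM_STRING = 6, RPM_BIN = 7, RPM_STRING_ARRAY = 8, RPM_I18NSTRING = 9,
       RPM_REGION_TAG = 63 };
#define RPM_ENTRY_LEN 16u
static const uint8_t rpm_magic[8] = {0x8e, 0xad, 0xe8, 0x01, 0, 0, 0, 0};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Validate a header blob: 0 if every entry and the region trailer lie inside
 * the data area, a negative code naming the first violated check otherwise.
 * Arithmetic is done in 64 bits so crafted counts cannot wrap the checks. */
int rpm_header_check(const uint8_t *buf, size_t len) {
    if (len < 16 || memcmp(buf, rpm_magic, 8) != 0) return -1;
    uint32_t il = be32(buf + 8), dl = be32(buf + 12);
    if (il == 0 || (uint64_t)il * RPM_ENTRY_LEN > (uint64_t)len - 16) return -2;
    if ((uint64_t)dl > (uint64_t)(len - 16) - (uint64_t)il * RPM_ENTRY_LEN) return -3;
    const uint8_t *pe = buf + 16;
    const uint8_t *data = pe + (size_t)il * RPM_ENTRY_LEN;

    for (uint32_t i = 0; i < il; i++) {
        const uint8_t *e = pe + (size_t)i * RPM_ENTRY_LEN;
        uint32_t tag = be32(e), type = be32(e + 4), off = be32(e + 8), count = be32(e + 12);
        if (type > 9) return -4;
        if (off >= dl) return -5;                      /* offset outside the data area */
        uint64_t need = (uint64_t)count * rpm_type_size[type];
        if (rpm_type_size[type] && need > (uint64_t)dl - off) return -6; /* runs past the end */
        if (type == RPM_STRING || type == RPM_STRING_ARRAY || type == RPM_I18NSTRING) {
            /* every string must find its NUL terminator inside the data area */
            uint32_t p = off, n = (type == RPM_STRING) ? 1 : count;
            while (n--) {
                const uint8_t *nul = memchr(data + p, 0, dl - p);
                if (!nul) return -7;
                p = (uint32_t)(nul - data) + 1;
            }
        }
        if (tag == RPM_REGION_TAG) {
            /* region trailer: its offset must be negative and span a whole
             * number of entries that fit inside this header's index */
            if (type != RPM_BIN || count != RPM_ENTRY_LEN) return -8;
            uint32_t raw = be32(data + off + 8);
            if (!(raw & 0x80000000u)) return -9;       /* not pointing backwards */
            uint32_t rdl = 0u - raw;                   /* magnitude, unsigned wrap */
            if (rdl % RPM_ENTRY_LEN != 0 || rdl / RPM_ENTRY_LEN > il) return -10;
        }
    }
    return 0;
}

/* Constructed sample (not a real package): region entry 63 plus NAME "hello". */
static const uint8_t sample_header[70] = {
    0x8e, 0xad, 0xe8, 0x01, 0, 0, 0, 0,  0, 0, 0, 2,  0, 0, 0, 22,
    0, 0, 0, 63,   0, 0, 0, 7,  0, 0, 0, 0,   0, 0, 0, 16,      /* region entry   */
    0, 0, 3, 0xe8, 0, 0, 0, 6,  0, 0, 0, 16,  0, 0, 0, 1,       /* NAME at off 16 */
    0, 0, 0, 63,   0, 0, 0, 7,  0xff, 0xff, 0xff, 0xe0, 0, 0, 0, 16, /* trailer: -32 */
    'h', 'e', 'l', 'l', 'o', 0
};

/* Copy the sample and overwrite one big-endian 32-bit field to craft a bad header. */
int check_patched(size_t field_offset, uint32_t value) {
    uint8_t buf[sizeof sample_header];
    memcpy(buf, sample_header, sizeof buf);
    buf[field_offset] = (uint8_t)(value >> 24); buf[field_offset + 1] = (uint8_t)(value >> 16);
    buf[field_offset + 2] = (uint8_t)(value >> 8); buf[field_offset + 3] = (uint8_t)value;
    return rpm_header_check(buf, sizeof buf);
}

int main(void) {
    printf("well-formed:        %d\n", rpm_header_check(sample_header, sizeof sample_header));
    printf("NAME offset 4096:   %d\n", check_patched(40, 4096));        /* entry 1 offset field */
    printf("trailer offset 0:   %d\n", check_patched(56, 0));           /* trailer offset field */
    printf("trailer -4096:      %d\n", check_patched(56, 0xfffff000u));
    printf("region count huge:  %d\n", check_patched(28, 0xffffffffu)); /* entry 0 count field */
    return 0;
}
```

The field offsets passed to check_patched are byte positions inside the sample (entry 1's offset field at 40, the trailer's offset field at 56, entry 0's count at 28). Each patched variant mirrors one of the classes the advisory describes: an entry offset outside the data area, a region trailer whose offset does not point back over a valid number of entries, and a count that would carry the read past the end of the buffer.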
Can we stabilize =app-arch/rpm-4.9.1.3?
Trouble is rpm-4.9.1.3 has been in the tree only for a few days. I wanted it to get a bit more testing, but I guess something is better than nothing. Sadly we didn't have any testing of newer rpms on several architectures where older rpm has been stabilized, so it will still affect users of those architectures.
I'll file a stabilization bug
(In reply to comment #3)
> I'll file a stabilization bug
Thank you. The preference is to do stabilization in the security bug itself. No need to change it this time, but just for future reference.
Stabilization completed in bug 406479. GLSA request filed.
This issue was resolved and addressed in
GLSA 201206-26 at http://security.gentoo.org/glsa/glsa-201206-26.xml
by GLSA coordinator Sean Amoss (ackle).