NuytsTech Security

CVE-2012-6088

by ·

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.

Date published : 2013-01-18

http://www.securityfocus.com/bid/57138

http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43

Tags: