Issue Description: It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
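As an added illustration of the bug class described above (this is example code written for this page, not rpm's cpio code and not the attached patch): a minimal parser for a cpio "newc" header. The newc header is the magic "070701" followed by 13 fields of 8 ASCII hex digits, so c_namesize can carry any 32-bit value. The unsafe pattern takes that value and sizes a buffer as namesize + 1; with c_namesize = FFFFFFFF the 32-bit addition wraps to 0, and the copy that follows overruns the buffer. The hardened parse bounds namesize before it is used in any arithmetic or copy. The 4096-byte cap, the function names and the constructed headers are assumptions made for this example.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* cpio "newc" header: magic "070701" + 13 fields of 8 ASCII hex digits (110 bytes),
 * then the NUL-terminated file name. */
#define NEWC_MAGIC        "070701"
#define NEWC_HDR_LEN      110
#define NEWC_FILESIZE_OFF 54   /* 7th field */
#define NEWC_NAMESIZE_OFF 94   /* 12th field: name length including its NUL */

/* Bound on an accepted name length; the value is an assumption for this example. */
#define NAME_MAX_LEN 4096

enum cpio_status {
    CPIO_OK = 0, CPIO_ERR_TRUNC, CPIO_ERR_MAGIC, CPIO_ERR_HEX, CPIO_ERR_NAMESIZE, CPIO_ERR_NAME
};

struct cpio_entry {
    uint32_t filesize;
    uint32_t namesize;
    char name[NAME_MAX_LEN];
};

/* Decode 8 ASCII hex digits; 0 on success, -1 if any byte is not hex. */
static int hex8(const unsigned char *p, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char c = p[i];
        unsigned d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;
        v = (v << 4) | d;
    }
    *out = v;
    return 0;
}

/* Unsafe pattern: trust c_namesize and size the name buffer as namesize + 1 in
 * 32-bit arithmetic. Returns the size such code would allocate (header assumed to
 * hold valid hex); nothing is allocated, so the wrap is observable, not a crash.
 * Copying namesize bytes into a buffer of this size is the stack overflow. */
static uint32_t naive_name_buffer_size(const unsigned char *hdr)
{
    uint32_t namesize = 0;
    (void)hex8(hdr + NEWC_NAMESIZE_OFF, &namesize);
    return namesize + 1u;   /* 0xFFFFFFFF + 1 wraps to 0 */
}

/* Hardened parse: check the magic, bound namesize before any arithmetic or copy,
 * confirm the bytes are present, and require the NUL exactly at the end. */
static enum cpio_status cpio_read_header(const unsigned char *buf, size_t len,
                                         struct cpio_entry *e)
{
    if (len < NEWC_HDR_LEN)
        return CPIO_ERR_TRUNC;
    if (memcmp(buf, NEWC_MAGIC, 6) != 0)
        return CPIO_ERR_MAGIC;
    if (hex8(buf + NEWC_FILESIZE_OFF, &e->filesize) != 0 ||
        hex8(buf + NEWC_NAMESIZE_OFF, &e->namesize) != 0)
        return CPIO_ERR_HEX;
    if (e->namesize == 0 || e->namesize > NAME_MAX_LEN)
        return CPIO_ERR_NAMESIZE;       /* reject before computing namesize + 1 */
    if (len - NEWC_HDR_LEN < e->namesize)
        return CPIO_ERR_TRUNC;
    const unsigned char *name = buf + NEWC_HDR_LEN;
    if (memchr(name, '\0', e->namesize) != name + e->namesize - 1)
        return CPIO_ERR_NAME;
    memcpy(e->name, name, e->namesize); /* namesize <= sizeof e->name, NUL included */
    return CPIO_OK;
}

/* Constructed test entry: all fields zero except filesize and namesize, then
 * name_len raw bytes. Test data, not a real archive. */
static size_t build_entry(unsigned char *out, size_t cap, uint32_t filesize,
                          uint32_t namesize, const char *name, size_t name_len)
{
    if (cap < NEWC_HDR_LEN + name_len)
        return 0;
    memcpy(out, NEWC_MAGIC, 6);
    memset(out + 6, '0', NEWC_HDR_LEN - 6);
    char f[9];
    snprintf(f, sizeof f, "%08" PRIX32, filesize);
    memcpy(out + NEWC_FILESIZE_OFF, f, 8);
    snprintf(f, sizeof f, "%08" PRIX32, namesize);
    memcpy(out + NEWC_NAMESIZE_OFF, f, 8);
    memcpy(out + NEWC_HDR_LEN, name, name_len);
    return NEWC_HDR_LEN + name_len;
}

/* Benign entry: name "hello", namesize 6 (5 characters plus NUL). */
enum cpio_status demo_benign(char *name_out, size_t cap)
{
    unsigned char buf[NEWC_HDR_LEN + 8];
    struct cpio_entry e;
    size_t n = build_entry(buf, sizeof buf, 0, 6, "hello\0", 6);
    enum cpio_status st = cpio_read_header(buf, n, &e);
    if (st == CPIO_OK) snprintf(name_out, cap, "%s", e.name);
    return st;
}

/* Crafted entry: c_namesize = FFFFFFFF with only two name bytes actually present. */
uint32_t demo_naive_size(void)
{
    unsigned char buf[NEWC_HDR_LEN + 8];
    build_entry(buf, sizeof buf, 0, 0xFFFFFFFFu, "x\0", 2);
    return naive_name_buffer_size(buf);
}

enum cpio_status demo_crafted(void)
{
    unsigned char buf[NEWC_HDR_LEN + 8];
    struct cpio_entry e;
    size_t n = build_entry(buf, sizeof buf, 0, 0xFFFFFFFFu, "x\0", 2);
    return cpio_read_header(buf, n, &e);
}

int main(void)
{
    char name[NAME_MAX_LEN];
    printf("naive buffer size for c_namesize=FFFFFFFF: %" PRIu32 "\n", demo_naive_size());
    printf("hardened parser on crafted header: status %d\n", (int)demo_crafted());
    printf("hardened parser on benign header: status %d, name \"%s\"\n",
           (int)demo_benign(name, sizeof name), name);
    return 0;
}
```

The order of checks matters: the bound on namesize comes before the length arithmetic and before the copy, so a header that passes the signature check on the RPM but carries an absurd c_namesize is rejected as a bad header rather than turned into an allocation size.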
Created attachment 962159: rpm-4.12-CVE-2014-8118.patch. Proposed patch to limit the length of the file name to a reasonable value.
Created rpm tracking bugs for this issue: Affects: fedora-all [bug 1172125]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1976 https://rhn.redhat.com/errata/RHSA-2014-1976.html
rpm-4.12.0.1-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Statement: This issue does not affect the versions of the rpm package as shipped with Red Hat Enterprise Linux 5 and 6.
rpm-4.11.3-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.