Wind River Support Network

HomeDefectsLIN7-2563

Fixed

LIN7-2563 : Security Advisory - rpm - CVE-2013-6435

Created: Dec 30, 2014 Updated: Sep 8, 2018

Resolved Date: Aug 4, 2015

Found In Version: 7.0.0.7

Fix Version: 7.0.0.9

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6435

Other Downloads

Wind River Linux 7.0.0.14
Wind River Linux 7.0.0.15
Wind River Linux 7.0.0.16
Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2013-6435