RPM Parsing Vulnerability

F-Secure products are affected by an RPM parsing vulnerability.

Several F-Secure products are affected by the following RPM parsing vulnerability: If attackers send specially-made compressed file archives to users whose antivirus software is set to scan inside compressed archives, an integer overflow occurs. The result is a controlled buffer overflow attack. It allows the attackers to control the computer on the system level.

Part of these issues have been fixed automatically in F-Secure database updates. Part of the issues require patching the affected products. Hotfixes for the products are available in the Hotfixes section.

For more information, please see F-Secure Security Advisory FSC-2008-3.