Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code . Additionally for Mandriva Linux 2009.0 and Mandriva Linux Enterprise Server 5 updated perl-URPM and lzma packages are being provided to support upgrading to Mandriva Linux 2011. The updated packages have been patched to correct these issues.