Posted at Help Net Security: "It is possible to create an RPM (Redhat Package Management) file
with 'corrupted' data that will cause arbitrary code to execute
when the file is queried. (eg: an rpm utility is used to gain
information about the contents of the file, such as version, build
date etc, when checking the file for corruptions against the stored
MD5 sum, etc. )"
October 25, 2001