LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

April 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA April 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: rpm on SL5.x, SL6.x i386/x86_64
From:	Patrick Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 4 Apr 2012 12:17:37 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (75 lines)

Synopsis:    Important: rpm security update
Issue Date:  2012-04-03
CVE Numbers: CVE-2012-0815
             CVE-2012-0060
             CVE-2012-0061


The RPM Package Manager (RPM) is a command-line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Multiple flaws were found in the way RPM parsed package file headers. An
attacker could create a specially-crafted RPM package that, when its
package header was accessed, or during package signature verification,
could cause an application using the RPM library (such as the rpm command
line tool, or the yum and up2date package managers) to crash or,
potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061,
CVE-2012-0815)

Note: Although an RPM package can, by design, execute arbitrary code when
installed, this issue would allow a specially-crafted RPM package to
execute arbitrary code before its digital signature has been verified.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications linked
against the RPM library must be restarted for this update to take effect.


SL5:
  i386
     popt-1.10.2.3-28.el5_8.i386.rpm
     rpm-4.4.2.3-28.el5_8.i386.rpm
     rpm-apidocs-4.4.2.3-28.el5_8.i386.rpm
     rpm-build-4.4.2.3-28.el5_8.i386.rpm
     rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
     rpm-devel-4.4.2.3-28.el5_8.i386.rpm
     rpm-libs-4.4.2.3-28.el5_8.i386.rpm
     rpm-python-4.4.2.3-28.el5_8.i386.rpm
  x86_64
     popt-1.10.2.3-28.el5_8.i386.rpm
     popt-1.10.2.3-28.el5_8.x86_64.rpm
     rpm-4.4.2.3-28.el5_8.x86_64.rpm
     rpm-apidocs-4.4.2.3-28.el5_8.x86_64.rpm
     rpm-build-4.4.2.3-28.el5_8.x86_64.rpm
     rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
     rpm-debuginfo-4.4.2.3-28.el5_8.x86_64.rpm
     rpm-devel-4.4.2.3-28.el5_8.i386.rpm
     rpm-devel-4.4.2.3-28.el5_8.x86_64.rpm
     rpm-libs-4.4.2.3-28.el5_8.i386.rpm
     rpm-libs-4.4.2.3-28.el5_8.x86_64.rpm
     rpm-python-4.4.2.3-28.el5_8.x86_64.rpm
SL6:
  i386
     rpm-4.8.0-19.el6_2.1.i686.rpm
     rpm-build-4.8.0-19.el6_2.1.i686.rpm
     rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
     rpm-devel-4.8.0-19.el6_2.1.i686.rpm
     rpm-libs-4.8.0-19.el6_2.1.i686.rpm
     rpm-python-4.8.0-19.el6_2.1.i686.rpm
  noarch
     rpm-apidocs-4.8.0-19.el6_2.1.noarch.rpm
     rpm-cron-4.8.0-19.el6_2.1.noarch.rpm
  x86_64
     rpm-4.8.0-19.el6_2.1.x86_64.rpm
     rpm-build-4.8.0-19.el6_2.1.x86_64.rpm
     rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
     rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
     rpm-devel-4.8.0-19.el6_2.1.i686.rpm
     rpm-devel-4.8.0-19.el6_2.1.x86_64.rpm
     rpm-libs-4.8.0-19.el6_2.1.i686.rpm
     rpm-libs-4.8.0-19.el6_2.1.x86_64.rpm
     rpm-python-4.8.0-19.el6_2.1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV