Package "python-rpm"
Name: python-rpm
Description: Python bindings for RPM
Latest version: 4.9.1.1-1ubuntu0.3
Release: precise (12.04)
Level: security
Repository: universe
Head package: rpm
Homepage: http://rpm.org/

Changelog
rpm (4.9.1.1-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: code execution via insecure temp file use
    - debian/patches/CVE-2013-6435.patch: create file with proper
      permissions in lib/fsm.c.
    - CVE-2013-6435

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jan 2015 12:00:17 -0500

CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the con

rpm (4.9.1.1-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    crafted headers
    - debian/patches/CVE-2011-3378.patch: properly validate values in
      lib/header.c.
    - CVE-2011-3378
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid region tag
    - debian/patches/CVE-2012-0060.patch: validate region tags in
      lib/header.c, lib/package.c, lib/signature.c.
    - CVE-2012-0060
  * SECURITY UPDATE: denial of service and possible code execution via
    large region size
    - debian/patches/CVE-2012-0061.patch: check length in lib/header.c.
    - CVE-2012-0061
  * SECURITY UPDATE: denial of service and possible code execution via
    negative value in region offset
    - debian/patches/CVE-2012-0815.patch: properly handle negative values
      in lib/header.c, lib/package.c, lib/signature.c.
    - CVE-2012-0815

 -- Marc Deslauriers <email address hidden>  Thu, 17 Jan 2013 11:57:17 -0500

CVE-2011-3378
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbit

CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute ar

CVE-2012-0061
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to

CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute