UbuntuUpdates.org

Package "rpm"

Name: rpm

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Python bindings for RPM
  • localization and localized man pages for rpm

Latest version: 4.9.1.1-1ubuntu0.3
Release: precise (12.04)
Level: security
Repository: universe




Other versions of "rpm" in Precise

Repository  Area      Version
base        main      4.9.1.1-1build1
base        universe  4.9.1.1-1build1
security    main      4.9.1.1-1ubuntu0.3
updates     universe  4.9.1.1-1ubuntu0.3
updates     main      4.9.1.1-1ubuntu0.3



Changelog

Version: 4.9.1.1-1ubuntu0.3 2015-01-19 16:07:01 UTC

  rpm (4.9.1.1-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: code execution via insecure temp file use
    - debian/patches/CVE-2013-6435.patch: create file with proper
      permissions in lib/fsm.c.
    - CVE-2013-6435
 -- Marc Deslauriers <email address hidden> Fri, 16 Jan 2015 12:00:17 -0500

CVE-2013-6435 Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the con

Version: 4.9.1.1-1ubuntu0.1 2013-01-17 22:07:05 UTC

  rpm (4.9.1.1-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    crafted headers
    - debian/patches/CVE-2011-3378.patch: properly validate values in
      lib/header.c.
    - CVE-2011-3378
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid region tag
    - debian/patches/CVE-2012-0060.patch: validate region tags in
      lib/header.c, lib/package.c, lib/signature.c.
    - CVE-2012-0060
  * SECURITY UPDATE: denial of service and possible code execution via
    large region size
    - debian/patches/CVE-2012-0061.patch: check length in lib/header.c.
    - CVE-2012-0061
  * SECURITY UPDATE: denial of service and possible code execution via
    negative value in region offset
    - debian/patches/CVE-2012-0815.patch: properly handle negative values
      in lib/header.c, lib/package.c, lib/signature.c.
    - CVE-2012-0815
 -- Marc Deslauriers <email address hidden> Thu, 17 Jan 2013 11:57:17 -0500

CVE-2011-3378 RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbit
CVE-2012-0060 RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute ar
CVE-2012-0061 The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to
CVE-2012-0815 The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute


