drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in RPM
Name: |
Zwei Probleme in RPM |
|
ID: |
FEDORA-2014-16838 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
Mo, 29. Dezember 2014, 23:39 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118 |
|
Applikationen: |
RPM |
|
Originalnachricht |
Name : rpm Product : Fedora 20 Version : 4.11.3 Release : 2.fc20 URL : http://www.rpm.org/ Summary : The RPM package management system Description : The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc.
------------------------------------------------------------------------------- - Update Information:
- Add check against malicious CPIO file name size
- Fix race condidition where unchecked data is exposed in the file system
------------------------------------------------------------------------------- - ChangeLog:
* Fri Dec 12 2014 Lubos Kardos <lkardos@redhat.com> - 4.11.3-2 - Add check against malicious CPIO file name size (#1168715) - Fixes CVE-2014-8118 - Fix race condidition where unchecked data is exposed in the file system (#1039811) - Fixes CVE-2013-6435 * Fri Sep 5 2014 Panu Matilainen <pmatilai@redhat.com> - 4.11.3-1 - update to 4.11.3 (http://rpm.org/wiki/Releases/4.11.3) * Tue Feb 18 2014 Panu Matilainen <pmatilai@redhat.com> - 4.11.2-2 - reduce the double separator spec parse error into a warning (#1065563) * Thu Feb 13 2014 Panu Matilainen <pmatilai@redhat.com> - 4.11.2-1 - update to 4.11.2 (http://rpm.org/wiki/Releases/4.11.2) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1039811 - CVE-2013-6435 rpm: race condition during the installation process https://bugzilla.redhat.com/show_bug.cgi?id=1039811 [ 2 ] Bug #1168715 - CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header parsing https://bugzilla.redhat.com/show_bug.cgi?id=1168715 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update rpm' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|